# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 19:57:54.548 Process: id = "1" image_name = "3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" page_root = "0x27c7f000" os_pid = "0x1120" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 120 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 121 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 122 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 123 start_va = 0x400000 end_va = 0x433fff monitored = 1 entry_point = 0x41e792 region_type = mapped_file name = "3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe") Region: id = 124 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 125 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 126 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 265 start_va = 0x440000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 266 start_va = 0x7ff9ffb00000 end_va = 0x7ff9ffb67fff monitored = 1 entry_point = 0x7ff9ffb04970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 267 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 268 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 269 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 270 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 271 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 272 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 273 start_va = 0x680000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 274 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 275 start_va = 0x7ffa11580000 end_va = 0x7ffa115f8fff monitored = 0 entry_point = 0x7ffa1159fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 276 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 277 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 278 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 279 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 280 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 281 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 282 start_va = 0x170000 end_va = 0x176fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 283 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 284 start_va = 0x820000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 285 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 286 start_va = 0x7ff9ffa60000 end_va = 0x7ff9ffafcfff monitored = 1 entry_point = 0x7ff9ffa61010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 287 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 288 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 289 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 290 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 291 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 292 start_va = 0x190000 end_va = 0x1c8fff monitored = 0 entry_point = 0x1912f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 293 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 294 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 295 start_va = 0x7ffa141e0000 end_va = 0x7ffa1421afff monitored = 0 entry_point = 0x7ffa141e12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 296 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 297 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 298 start_va = 0x9c0000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 299 start_va = 0xb50000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 300 start_va = 0x1b0000 end_va = 0x1ddfff monitored = 1 entry_point = 0x1ce792 region_type = mapped_file name = "3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe") Region: id = 301 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 302 start_va = 0x7ffa114c0000 end_va = 0x7ffa114c9fff monitored = 0 entry_point = 0x7ffa114c1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 303 start_va = 0x1f50000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 304 start_va = 0x7ff9fabb0000 end_va = 0x7ff9fb54ffff monitored = 1 entry_point = 0x7ff9faff1c20 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll") Region: id = 305 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 306 start_va = 0x63f80000 end_va = 0x64048fff monitored = 0 entry_point = 0x63f82df0 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll") Region: id = 307 start_va = 0x1f50000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 308 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 309 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 310 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 311 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 312 start_va = 0x500000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 313 start_va = 0x7ff99b450000 end_va = 0x7ff99b45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b450000" filename = "" Region: id = 314 start_va = 0x7ff99b460000 end_va = 0x7ff99b46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b460000" filename = "" Region: id = 315 start_va = 0x7ff99b470000 end_va = 0x7ff99b50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b470000" filename = "" Region: id = 316 start_va = 0x7ff99b510000 end_va = 0x7ff99b51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b510000" filename = "" Region: id = 317 start_va = 0x7ff99b520000 end_va = 0x7ff99b58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b520000" filename = "" Region: id = 318 start_va = 0x1f50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 319 start_va = 0x20b0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 320 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 321 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 322 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 323 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 324 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 325 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 326 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 327 start_va = 0x2140000 end_va = 0x2476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 328 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 329 start_va = 0x2480000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 330 start_va = 0x1a480000 end_va = 0x1ab4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a480000" filename = "" Region: id = 331 start_va = 0x1ab50000 end_va = 0x1ac57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ab50000" filename = "" Region: id = 332 start_va = 0x1ac60000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac60000" filename = "" Region: id = 333 start_va = 0x7ff9f9cd0000 end_va = 0x7ff9fabadfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll") Region: id = 334 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 335 start_va = 0x1ad60000 end_va = 0x1ae1ffff monitored = 0 entry_point = 0x1ad80da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 336 start_va = 0x1ad60000 end_va = 0x1ae3cfff monitored = 0 entry_point = 0x1adbe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 337 start_va = 0x7ffa11710000 end_va = 0x7ffa117a5fff monitored = 0 entry_point = 0x7ffa11735570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 338 start_va = 0x1ad60000 end_va = 0x1aeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad60000" filename = "" Region: id = 339 start_va = 0x7ff5ffe40000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe40000" filename = "" Region: id = 340 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 341 start_va = 0x520000 end_va = 0x522fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 342 start_va = 0x7ff99b590000 end_va = 0x7ff99b59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b590000" filename = "" Region: id = 343 start_va = 0x530000 end_va = 0x55dfff monitored = 1 entry_point = 0x54e792 region_type = mapped_file name = "3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe") Region: id = 344 start_va = 0x1aeb0000 end_va = 0x1b37dfff monitored = 0 entry_point = 0x1b32c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 345 start_va = 0x7ff99b5a0000 end_va = 0x7ff99b60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b5a0000" filename = "" Region: id = 346 start_va = 0x7ff99b610000 end_va = 0x7ff99b61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b610000" filename = "" Region: id = 347 start_va = 0x7ff99b620000 end_va = 0x7ff99b62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b620000" filename = "" Region: id = 348 start_va = 0x7afd0000 end_va = 0x7b49dfff monitored = 0 entry_point = 0x7b44c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 349 start_va = 0x7ff9f92a0000 end_va = 0x7ff9f9ccffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\21161602d61e696b127fa8412fba51a5\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\21161602d61e696b127fa8412fba51a5\\system.ni.dll") Region: id = 350 start_va = 0x1ad60000 end_va = 0x1adfbfff monitored = 0 entry_point = 0x1ade921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 351 start_va = 0x1aea0000 end_va = 0x1aeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aea0000" filename = "" Region: id = 352 start_va = 0x7ff99b630000 end_va = 0x7ff99b64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b630000" filename = "" Region: id = 353 start_va = 0x7ade0000 end_va = 0x7ae7bfff monitored = 0 entry_point = 0x7ae6921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 354 start_va = 0x7ff99b650000 end_va = 0x7ff99b65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b650000" filename = "" Region: id = 355 start_va = 0x7ff99b660000 end_va = 0x7ff99b66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b660000" filename = "" Region: id = 356 start_va = 0x1b380000 end_va = 0x1b47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b380000" filename = "" Region: id = 357 start_va = 0x7ff9fbaa0000 end_va = 0x7ff9fbc22fff monitored = 1 entry_point = 0x7ff9fbb85f10 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll") Region: id = 358 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 359 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 360 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 361 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 362 start_va = 0x7ff99b670000 end_va = 0x7ff99b6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b670000" filename = "" Region: id = 363 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 364 start_va = 0x1b480000 end_va = 0x1b525fff monitored = 0 entry_point = 0x1b50e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 365 start_va = 0x7ff99b6b0000 end_va = 0x7ff99b6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b6b0000" filename = "" Region: id = 366 start_va = 0x5e430000 end_va = 0x5e4d5fff monitored = 0 entry_point = 0x5e4be14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 367 start_va = 0x7ff99b6c0000 end_va = 0x7ff99b6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b6c0000" filename = "" Region: id = 368 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 369 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 370 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 371 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 372 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 373 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 374 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 375 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 376 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 377 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 378 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 379 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 380 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 381 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 382 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 383 start_va = 0x7ff99b6d0000 end_va = 0x7ff99b6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b6d0000" filename = "" Region: id = 384 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 385 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 386 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 387 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 388 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 389 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 390 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 391 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 392 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 393 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 394 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 395 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 396 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 397 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 398 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 399 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 400 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 401 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 402 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 403 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 404 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 405 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 406 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 407 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 408 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 409 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 410 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 411 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 412 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 414 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 415 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 416 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 417 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 418 start_va = 0x7ff99b6e0000 end_va = 0x7ff99b6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b6e0000" filename = "" Region: id = 419 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 420 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 421 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 422 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 423 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 424 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 425 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 426 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 427 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 428 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 429 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 430 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 431 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 432 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 433 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 434 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 435 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 436 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 437 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 438 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 439 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 440 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 441 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 442 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 443 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 444 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 445 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 446 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 447 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 448 start_va = 0x7d0000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 449 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 450 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 451 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 452 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 453 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 454 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 455 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 456 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 457 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 458 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 459 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 460 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 461 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 462 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 463 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 464 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 465 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 466 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 467 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 468 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 469 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 470 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 471 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 472 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 473 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 474 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 475 start_va = 0x7ffa10610000 end_va = 0x7ffa10631fff monitored = 0 entry_point = 0x7ffa10611a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 476 start_va = 0x540000 end_va = 0x547fff monitored = 0 entry_point = 0x543fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 477 start_va = 0x7ff99b6f0000 end_va = 0x7ff99b6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b6f0000" filename = "" Region: id = 478 start_va = 0x60000000 end_va = 0x60007fff monitored = 0 entry_point = 0x60003fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 479 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 480 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 481 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 482 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 483 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 484 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 485 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 486 start_va = 0x790000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 487 start_va = 0x790000 end_va = 0x791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 488 start_va = 0x7ff99b700000 end_va = 0x7ff99b70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b700000" filename = "" Region: id = 489 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 490 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 491 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 492 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 493 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 494 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 495 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 496 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 497 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 498 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 499 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 500 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 501 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 502 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 503 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 504 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 505 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 506 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 507 start_va = 0x7ffa14a40000 end_va = 0x7ffa14b99fff monitored = 0 entry_point = 0x7ffa14a838e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 508 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 509 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 510 start_va = 0x1b530000 end_va = 0x1b5ebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b530000" filename = "" Region: id = 511 start_va = 0x550000 end_va = 0x553fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 512 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 513 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 514 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 515 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 516 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 517 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 518 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 519 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 520 start_va = 0x7f0000 end_va = 0x7f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 521 start_va = 0x2060000 end_va = 0x2060fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 522 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 523 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 524 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 525 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 526 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 527 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 528 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 529 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 530 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 531 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 532 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 533 start_va = 0x800000 end_va = 0x804fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 534 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 535 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 536 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 537 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 538 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 539 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 540 start_va = 0x560000 end_va = 0x564fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 541 start_va = 0x7ff99b710000 end_va = 0x7ff99b71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b710000" filename = "" Region: id = 542 start_va = 0x7ff99b720000 end_va = 0x7ff99b72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b720000" filename = "" Region: id = 543 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 544 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 545 start_va = 0x7ff99b730000 end_va = 0x7ff99b73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b730000" filename = "" Region: id = 546 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 547 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 548 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 549 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 550 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 551 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 552 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 553 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 554 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 555 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 556 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 557 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 558 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 559 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 560 start_va = 0x7ff99b740000 end_va = 0x7ff99b74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b740000" filename = "" Region: id = 561 start_va = 0x7ffa12710000 end_va = 0x7ffa12726fff monitored = 0 entry_point = 0x7ffa127179d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 562 start_va = 0x7ffa123a0000 end_va = 0x7ffa123d3fff monitored = 0 entry_point = 0x7ffa123bae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 563 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 564 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 565 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 566 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 567 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 568 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 569 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 570 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 571 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 572 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 573 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 574 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 575 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 576 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 577 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 578 start_va = 0x1ae10000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 579 start_va = 0x1ae20000 end_va = 0x1ae2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae20000" filename = "" Region: id = 580 start_va = 0x1ae30000 end_va = 0x1ae3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae30000" filename = "" Region: id = 581 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 582 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 583 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 584 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 585 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 586 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 587 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 588 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 589 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 590 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 591 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 592 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 593 start_va = 0x1ae10000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 594 start_va = 0x1ae20000 end_va = 0x1ae2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae20000" filename = "" Region: id = 595 start_va = 0x1ae30000 end_va = 0x1ae3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae30000" filename = "" Region: id = 596 start_va = 0x1ae40000 end_va = 0x1ae4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae40000" filename = "" Region: id = 597 start_va = 0x1ae50000 end_va = 0x1ae5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae50000" filename = "" Region: id = 598 start_va = 0x1ae60000 end_va = 0x1ae6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae60000" filename = "" Region: id = 599 start_va = 0x1ae70000 end_va = 0x1ae7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 600 start_va = 0x1ae80000 end_va = 0x1ae8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae80000" filename = "" Region: id = 601 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 602 start_va = 0x1b5f0000 end_va = 0x1b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5f0000" filename = "" Region: id = 603 start_va = 0x1b600000 end_va = 0x1b60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b600000" filename = "" Region: id = 604 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 605 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 606 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 607 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 608 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 609 start_va = 0x1b5f0000 end_va = 0x1b6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5f0000" filename = "" Region: id = 610 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 611 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 612 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 613 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 614 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 615 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 616 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 617 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 618 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 619 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 620 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 621 start_va = 0x7ffa0ba30000 end_va = 0x7ffa0ba36fff monitored = 0 entry_point = 0x7ffa0ba312f0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 622 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 623 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 624 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 625 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 626 start_va = 0x7ffa012c0000 end_va = 0x7ffa0135bfff monitored = 0 entry_point = 0x7ffa013196a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 627 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 628 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 629 start_va = 0x7ffa07530000 end_va = 0x7ffa0757ffff monitored = 0 entry_point = 0x7ffa07532580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 630 start_va = 0x780000 end_va = 0x784fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 631 start_va = 0x20c0000 end_va = 0x2100fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 632 start_va = 0x7ff9ff990000 end_va = 0x7ff9ffa55fff monitored = 1 entry_point = 0x7ff9ff9b4570 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll") Region: id = 633 start_va = 0x20a0000 end_va = 0x20a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Region: id = 634 start_va = 0x1b6f0000 end_va = 0x1b7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6f0000" filename = "" Region: id = 635 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 636 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 637 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 638 start_va = 0x1ae10000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 639 start_va = 0x1ae20000 end_va = 0x1ae2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae20000" filename = "" Region: id = 640 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 641 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 642 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 643 start_va = 0x1ae10000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 644 start_va = 0x1ae20000 end_va = 0x1ae2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae20000" filename = "" Region: id = 645 start_va = 0x7ffa0b990000 end_va = 0x7ffa0b999fff monitored = 1 entry_point = 0x7ffa0b994710 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll") Region: id = 646 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 647 start_va = 0x1ae00000 end_va = 0x1ae53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll") Region: id = 648 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 649 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 650 start_va = 0x1ae60000 end_va = 0x1ae64fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ae60000" filename = "" Region: id = 651 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 652 start_va = 0x1b7f0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7f0000" filename = "" Region: id = 653 start_va = 0x1b8f0000 end_va = 0x1b9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 654 start_va = 0x7ff99b750000 end_va = 0x7ff99b75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b750000" filename = "" Region: id = 655 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 656 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 657 start_va = 0x1ae70000 end_va = 0x1ae7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 658 start_va = 0x1ae80000 end_va = 0x1ae8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae80000" filename = "" Region: id = 659 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 660 start_va = 0x1b9f0000 end_va = 0x1b9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9f0000" filename = "" Region: id = 661 start_va = 0x1ba00000 end_va = 0x1ba0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba00000" filename = "" Region: id = 662 start_va = 0x1ae70000 end_va = 0x1ae83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ae70000" filename = "" Region: id = 663 start_va = 0x1b9f0000 end_va = 0x1bacffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 664 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 665 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 666 start_va = 0x2070000 end_va = 0x2072fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 667 start_va = 0x7ff99b760000 end_va = 0x7ff99b76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b760000" filename = "" Region: id = 668 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 669 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 670 start_va = 0x1bad0000 end_va = 0x1badffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bad0000" filename = "" Region: id = 671 start_va = 0x1bae0000 end_va = 0x1baeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bae0000" filename = "" Region: id = 672 start_va = 0x1baf0000 end_va = 0x1bafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001baf0000" filename = "" Region: id = 673 start_va = 0x1bb00000 end_va = 0x1bb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb00000" filename = "" Region: id = 674 start_va = 0x1bb10000 end_va = 0x1bb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb10000" filename = "" Region: id = 675 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 676 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 677 start_va = 0x1bad0000 end_va = 0x1badffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bad0000" filename = "" Region: id = 678 start_va = 0x1bae0000 end_va = 0x1baeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bae0000" filename = "" Region: id = 679 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 680 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 681 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 682 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 683 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 684 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 685 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 686 start_va = 0x7ff99b770000 end_va = 0x7ff99b77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b770000" filename = "" Region: id = 687 start_va = 0x1bad0000 end_va = 0x1bbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bad0000" filename = "" Region: id = 688 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 689 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 690 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 691 start_va = 0x1bbd0000 end_va = 0x1bc3bfff monitored = 0 entry_point = 0x1bc2cd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 692 start_va = 0x64890000 end_va = 0x648fbfff monitored = 0 entry_point = 0x648ecd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 693 start_va = 0x7ff99b780000 end_va = 0x7ff99b78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b780000" filename = "" Region: id = 694 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 695 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 696 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 697 start_va = 0x1bc50000 end_va = 0x1bc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc50000" filename = "" Region: id = 698 start_va = 0x1bc60000 end_va = 0x1bc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc60000" filename = "" Region: id = 699 start_va = 0x1bc70000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc70000" filename = "" Region: id = 700 start_va = 0x1bc80000 end_va = 0x1bc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc80000" filename = "" Region: id = 701 start_va = 0x1bc90000 end_va = 0x1bc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc90000" filename = "" Region: id = 702 start_va = 0x1bca0000 end_va = 0x1bcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bca0000" filename = "" Region: id = 703 start_va = 0x1bcb0000 end_va = 0x1bcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcb0000" filename = "" Region: id = 704 start_va = 0x1bcc0000 end_va = 0x1bccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcc0000" filename = "" Region: id = 705 start_va = 0x1bcd0000 end_va = 0x1bcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcd0000" filename = "" Region: id = 706 start_va = 0x1bce0000 end_va = 0x1bceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bce0000" filename = "" Region: id = 707 start_va = 0x1bcf0000 end_va = 0x1bcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcf0000" filename = "" Region: id = 708 start_va = 0x1bd00000 end_va = 0x1bd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd00000" filename = "" Region: id = 709 start_va = 0x1bd10000 end_va = 0x1bd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd10000" filename = "" Region: id = 710 start_va = 0x1bd20000 end_va = 0x1bd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd20000" filename = "" Region: id = 711 start_va = 0x1bd30000 end_va = 0x1bd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd30000" filename = "" Region: id = 712 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 713 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 714 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 715 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 716 start_va = 0x1bd80000 end_va = 0x1bd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd80000" filename = "" Region: id = 717 start_va = 0x1bd90000 end_va = 0x1bd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd90000" filename = "" Region: id = 718 start_va = 0x1bda0000 end_va = 0x1bdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bda0000" filename = "" Region: id = 719 start_va = 0x1bdb0000 end_va = 0x1bdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdb0000" filename = "" Region: id = 720 start_va = 0x1bdc0000 end_va = 0x1bdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdc0000" filename = "" Region: id = 721 start_va = 0x1bdd0000 end_va = 0x1bddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdd0000" filename = "" Region: id = 722 start_va = 0x1bde0000 end_va = 0x1bdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bde0000" filename = "" Region: id = 723 start_va = 0x1bdf0000 end_va = 0x1bdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdf0000" filename = "" Region: id = 724 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 725 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 726 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 727 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 728 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 729 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 730 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 731 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 732 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 733 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 734 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 735 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 736 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 737 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 738 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 739 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 740 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 741 start_va = 0x1bd80000 end_va = 0x1bf79fff monitored = 0 entry_point = 0x1bf582be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 742 start_va = 0x7ff99b790000 end_va = 0x7ff99b7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b790000" filename = "" Region: id = 743 start_va = 0x637a0000 end_va = 0x63999fff monitored = 0 entry_point = 0x639782be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 744 start_va = 0x7ff99b7c0000 end_va = 0x7ff99b7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b7c0000" filename = "" Region: id = 745 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 746 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 747 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 748 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 749 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 750 start_va = 0x1bc50000 end_va = 0x1bc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc50000" filename = "" Region: id = 751 start_va = 0x1bc60000 end_va = 0x1bc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc60000" filename = "" Region: id = 752 start_va = 0x1bc70000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc70000" filename = "" Region: id = 753 start_va = 0x1bc80000 end_va = 0x1bc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc80000" filename = "" Region: id = 754 start_va = 0x1bc90000 end_va = 0x1bc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc90000" filename = "" Region: id = 755 start_va = 0x1bca0000 end_va = 0x1bcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bca0000" filename = "" Region: id = 756 start_va = 0x1bcb0000 end_va = 0x1bcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcb0000" filename = "" Region: id = 757 start_va = 0x1bcc0000 end_va = 0x1bccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcc0000" filename = "" Region: id = 758 start_va = 0x1bcd0000 end_va = 0x1bcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcd0000" filename = "" Region: id = 759 start_va = 0x1bce0000 end_va = 0x1bceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bce0000" filename = "" Region: id = 760 start_va = 0x1bcf0000 end_va = 0x1bcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bcf0000" filename = "" Region: id = 761 start_va = 0x1bd00000 end_va = 0x1bd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd00000" filename = "" Region: id = 762 start_va = 0x1bd10000 end_va = 0x1bd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd10000" filename = "" Region: id = 763 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 764 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 765 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 766 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 767 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 768 start_va = 0x7ff99b7d0000 end_va = 0x7ff99b7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b7d0000" filename = "" Region: id = 769 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 770 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 771 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 772 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 773 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 774 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 775 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 776 start_va = 0x1bc50000 end_va = 0x1bc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc50000" filename = "" Region: id = 777 start_va = 0x1bc60000 end_va = 0x1bc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc60000" filename = "" Region: id = 778 start_va = 0x1bc70000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc70000" filename = "" Region: id = 779 start_va = 0x1bc80000 end_va = 0x1bc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc80000" filename = "" Region: id = 780 start_va = 0x1bc40000 end_va = 0x1bd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 781 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 782 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 783 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 784 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 785 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 786 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 787 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 788 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 789 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 790 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 791 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 792 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 793 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 794 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 795 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 796 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 797 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 798 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 799 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 800 start_va = 0x7ffa142d0000 end_va = 0x7ffa142d7fff monitored = 0 entry_point = 0x7ffa142d10b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 801 start_va = 0x1c010000 end_va = 0x1c20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 802 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 803 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 804 start_va = 0x1c230000 end_va = 0x1c23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c230000" filename = "" Region: id = 805 start_va = 0x1c240000 end_va = 0x1c24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c240000" filename = "" Region: id = 806 start_va = 0x1c250000 end_va = 0x1c25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c250000" filename = "" Region: id = 807 start_va = 0x1c260000 end_va = 0x1c26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c260000" filename = "" Region: id = 808 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 809 start_va = 0x1c280000 end_va = 0x1c28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c280000" filename = "" Region: id = 810 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 811 start_va = 0x1c2a0000 end_va = 0x1c2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2a0000" filename = "" Region: id = 812 start_va = 0x1c2b0000 end_va = 0x1c2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2b0000" filename = "" Region: id = 813 start_va = 0x1c2c0000 end_va = 0x1c2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2c0000" filename = "" Region: id = 814 start_va = 0x1c2d0000 end_va = 0x1c2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2d0000" filename = "" Region: id = 815 start_va = 0x1c2e0000 end_va = 0x1c2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2e0000" filename = "" Region: id = 816 start_va = 0x1c2f0000 end_va = 0x1c2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2f0000" filename = "" Region: id = 817 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 818 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 819 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 820 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 821 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 822 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 823 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 824 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 825 start_va = 0x7ff99b7e0000 end_va = 0x7ff99b81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b7e0000" filename = "" Region: id = 826 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 827 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 828 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 829 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 830 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 831 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 832 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 833 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 834 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 835 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 836 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 837 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 838 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 839 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 840 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 841 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 842 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 843 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 844 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 845 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 846 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 847 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 848 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 849 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 850 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 851 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 852 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 853 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 854 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 855 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 856 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 857 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 858 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 859 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 860 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 861 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 862 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 863 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 864 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 865 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 866 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 867 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 868 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 869 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 870 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 871 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 872 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 873 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 874 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 875 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 876 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 877 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 878 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 879 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 880 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 881 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 882 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 883 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 884 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 885 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 886 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 887 start_va = 0x1c230000 end_va = 0x1c23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c230000" filename = "" Region: id = 888 start_va = 0x1c240000 end_va = 0x1c24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c240000" filename = "" Region: id = 889 start_va = 0x1c260000 end_va = 0x1c26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c260000" filename = "" Region: id = 890 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 891 start_va = 0x1c280000 end_va = 0x1c28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c280000" filename = "" Region: id = 892 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 893 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 894 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 895 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 896 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 897 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 898 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 899 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 900 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 901 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 902 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 903 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 904 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 905 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 906 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 907 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 908 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 909 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 910 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 911 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 912 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 913 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 914 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 915 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 916 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 917 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 918 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 919 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 920 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 921 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 922 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 923 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 924 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 925 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 926 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 927 start_va = 0x1c230000 end_va = 0x1c23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c230000" filename = "" Region: id = 928 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 929 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 930 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 931 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 932 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 933 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 934 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 935 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 936 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 937 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 938 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 939 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 940 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 941 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 942 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 943 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 944 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 945 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 946 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 947 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 948 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 949 start_va = 0x1c230000 end_va = 0x1c23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c230000" filename = "" Region: id = 950 start_va = 0x1c240000 end_va = 0x1c24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c240000" filename = "" Region: id = 951 start_va = 0x1c250000 end_va = 0x1c25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c250000" filename = "" Region: id = 952 start_va = 0x1c260000 end_va = 0x1c26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c260000" filename = "" Region: id = 953 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 954 start_va = 0x1c280000 end_va = 0x1c28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c280000" filename = "" Region: id = 955 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 956 start_va = 0x1c2a0000 end_va = 0x1c2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2a0000" filename = "" Region: id = 957 start_va = 0x1c2b0000 end_va = 0x1c2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2b0000" filename = "" Region: id = 958 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 959 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 960 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 961 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 962 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 963 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 964 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 965 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 966 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 967 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 968 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 969 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 970 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 971 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 972 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 973 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 974 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 975 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 976 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 977 start_va = 0x7ff99b820000 end_va = 0x7ff99b82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b820000" filename = "" Region: id = 978 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 979 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 980 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 981 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 982 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 983 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 984 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 985 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 986 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 987 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 988 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 989 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 990 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 991 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 992 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 993 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 994 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 995 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 996 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 997 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 998 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 999 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1000 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1001 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1002 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 1003 start_va = 0x1bd50000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd50000" filename = "" Region: id = 1004 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1005 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1006 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1007 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1008 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 1009 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1010 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1011 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1012 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1013 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1014 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1015 start_va = 0x1bd40000 end_va = 0x1bd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd40000" filename = "" Region: id = 1016 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1017 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1018 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1019 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1020 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1021 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1022 start_va = 0x1bd40000 end_va = 0x1bd5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001bd40000" filename = "" Region: id = 1023 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1024 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1025 start_va = 0x7ffa0ac50000 end_va = 0x7ffa0ac59fff monitored = 0 entry_point = 0x7ffa0ac514c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1026 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1027 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1028 start_va = 0x1c230000 end_va = 0x1c32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c230000" filename = "" Region: id = 1029 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1030 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1031 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1032 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1033 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1034 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1035 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1036 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1037 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1038 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1039 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 1040 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 1041 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 1042 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1043 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1044 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1045 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1046 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 1047 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 1048 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 1049 start_va = 0x1c330000 end_va = 0x1c33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c330000" filename = "" Region: id = 1050 start_va = 0x1c340000 end_va = 0x1c34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c340000" filename = "" Region: id = 1051 start_va = 0x1c350000 end_va = 0x1c35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c350000" filename = "" Region: id = 1052 start_va = 0x1c360000 end_va = 0x1c36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c360000" filename = "" Region: id = 1053 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1054 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1055 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1056 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1057 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1058 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1059 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1060 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1061 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1062 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1063 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1064 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1065 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1066 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1067 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 1068 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 1069 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1070 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1071 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1072 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1073 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1074 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1075 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1076 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1077 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1078 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1079 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1080 start_va = 0x560000 end_va = 0x56cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1081 start_va = 0x7ff99b830000 end_va = 0x7ff99b83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b830000" filename = "" Region: id = 1082 start_va = 0x7ff99b840000 end_va = 0x7ff99b84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b840000" filename = "" Region: id = 1083 start_va = 0x7ff99b850000 end_va = 0x7ff99b85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b850000" filename = "" Region: id = 1084 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1085 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1086 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1087 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1088 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1089 start_va = 0x2090000 end_va = 0x209cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002090000" filename = "" Region: id = 1090 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1091 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1092 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1093 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1094 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1095 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 1096 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 1097 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 1098 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1099 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1100 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1101 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1102 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1103 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1104 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1105 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1106 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 1107 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 1108 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 1109 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 1110 start_va = 0x1c330000 end_va = 0x1c33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c330000" filename = "" Region: id = 1111 start_va = 0x1c340000 end_va = 0x1c34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c340000" filename = "" Region: id = 1112 start_va = 0x1c350000 end_va = 0x1c35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c350000" filename = "" Region: id = 1113 start_va = 0x1c360000 end_va = 0x1c36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c360000" filename = "" Region: id = 1114 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1115 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1116 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1117 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1118 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1119 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 1120 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1121 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 1122 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 1123 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 1124 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1125 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1126 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1127 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1128 start_va = 0x7a0000 end_va = 0x7a5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1129 start_va = 0x7b0000 end_va = 0x7befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1130 start_va = 0x7ff99b860000 end_va = 0x7ff99b86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b860000" filename = "" Region: id = 1131 start_va = 0x2080000 end_va = 0x2089fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 1132 start_va = 0x7ff99b870000 end_va = 0x7ff99b87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b870000" filename = "" Region: id = 1133 start_va = 0x1bf80000 end_va = 0x1bfa8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001bf80000" filename = "" Region: id = 1134 start_va = 0x7ff99b880000 end_va = 0x7ff99b88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b880000" filename = "" Region: id = 1135 start_va = 0x2110000 end_va = 0x211efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 1136 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1137 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1138 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1139 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1140 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1141 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 1142 start_va = 0x1c330000 end_va = 0x1c33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c330000" filename = "" Region: id = 1143 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1144 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1145 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1146 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1147 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1148 start_va = 0x1c330000 end_va = 0x1c3b9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001c330000" filename = "" Region: id = 1149 start_va = 0x7ff99b890000 end_va = 0x7ff99b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b890000" filename = "" Region: id = 1150 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1151 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1152 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1153 start_va = 0x1bd60000 end_va = 0x1bd60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001bd60000" filename = "" Region: id = 1154 start_va = 0x1c3c0000 end_va = 0x1c4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c3c0000" filename = "" Region: id = 1155 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1156 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1157 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1158 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1159 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 1160 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 1161 start_va = 0x1c4c0000 end_va = 0x1c4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4c0000" filename = "" Region: id = 1162 start_va = 0x1c4d0000 end_va = 0x1c4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4d0000" filename = "" Region: id = 1163 start_va = 0x1c4e0000 end_va = 0x1c4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4e0000" filename = "" Region: id = 1164 start_va = 0x1c4f0000 end_va = 0x1c4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4f0000" filename = "" Region: id = 1165 start_va = 0x1c500000 end_va = 0x1c50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c500000" filename = "" Region: id = 1166 start_va = 0x1c510000 end_va = 0x1c51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c510000" filename = "" Region: id = 1167 start_va = 0x1c520000 end_va = 0x1c52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c520000" filename = "" Region: id = 1168 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1169 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1170 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1171 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1172 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1173 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1174 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1175 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 1176 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 1177 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 1178 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 1179 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1180 start_va = 0x1c210000 end_va = 0x1c21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c210000" filename = "" Region: id = 1181 start_va = 0x1c220000 end_va = 0x1c22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c220000" filename = "" Region: id = 1182 start_va = 0x1c4c0000 end_va = 0x1c4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4c0000" filename = "" Region: id = 1183 start_va = 0x1c4d0000 end_va = 0x1c4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4d0000" filename = "" Region: id = 1184 start_va = 0x1c4e0000 end_va = 0x1c4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4e0000" filename = "" Region: id = 1185 start_va = 0x1c4f0000 end_va = 0x1c4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4f0000" filename = "" Region: id = 1186 start_va = 0x1c510000 end_va = 0x1c51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c510000" filename = "" Region: id = 1187 start_va = 0x1c530000 end_va = 0x1c53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c530000" filename = "" Region: id = 1188 start_va = 0x1c540000 end_va = 0x1c54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c540000" filename = "" Region: id = 1189 start_va = 0x1c550000 end_va = 0x1c55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c550000" filename = "" Region: id = 1190 start_va = 0x1c560000 end_va = 0x1c56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c560000" filename = "" Region: id = 1191 start_va = 0x1c570000 end_va = 0x1c57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c570000" filename = "" Region: id = 1192 start_va = 0x1c580000 end_va = 0x1c58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c580000" filename = "" Region: id = 1193 start_va = 0x1c590000 end_va = 0x1c59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c590000" filename = "" Region: id = 1194 start_va = 0x1c5a0000 end_va = 0x1c5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5a0000" filename = "" Region: id = 1195 start_va = 0x1c5b0000 end_va = 0x1c5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5b0000" filename = "" Region: id = 1196 start_va = 0x1c5c0000 end_va = 0x1c5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5c0000" filename = "" Region: id = 1197 start_va = 0x1c5d0000 end_va = 0x1c5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5d0000" filename = "" Region: id = 1198 start_va = 0x1c5e0000 end_va = 0x1c5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5e0000" filename = "" Region: id = 1199 start_va = 0x1c5f0000 end_va = 0x1c5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5f0000" filename = "" Region: id = 1200 start_va = 0x1c600000 end_va = 0x1c60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c600000" filename = "" Region: id = 1201 start_va = 0x1c610000 end_va = 0x1c61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c610000" filename = "" Region: id = 1202 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1203 start_va = 0x1c530000 end_va = 0x1c53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c530000" filename = "" Region: id = 1204 start_va = 0x1c550000 end_va = 0x1c55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c550000" filename = "" Region: id = 1205 start_va = 0x7ff99b8a0000 end_va = 0x7ff99b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff99b8a0000" filename = "" Region: id = 1206 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 1207 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 1208 start_va = 0x1c560000 end_va = 0x1c56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c560000" filename = "" Region: id = 1209 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1210 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 1211 start_va = 0x1bd60000 end_va = 0x1bd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd60000" filename = "" Region: id = 1212 start_va = 0x1bd70000 end_va = 0x1bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd70000" filename = "" Region: id = 1213 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 1214 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Thread: id = 1 os_tid = 0x1128 [0092.952] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0094.649] GetVersionExW (in: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0094.655] GetVersionExW (in: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0094.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0094.770] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14e450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0094.782] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0094.786] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0094.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0094.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0098.259] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1e0 [0098.259] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1e1 [0099.507] GetSystemMetrics (nIndex=75) returned 1 [0100.544] AdjustWindowRectEx (in: lpRect=0x14e2f0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x14e2f0) returned 1 [0101.147] GetCurrentProcess () returned 0xffffffffffffffff [0101.150] GetCurrentThread () returned 0xfffffffffffffffe [0101.150] GetCurrentProcess () returned 0xffffffffffffffff [0101.211] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14e040, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x14e040*=0x260) returned 1 [0101.253] GetCurrentThreadId () returned 0x1128 [0101.923] lstrlenW (lpString="䅁") returned 1 [0102.152] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffa13d80000 [0102.156] GetACP () returned 0x4e4 [0102.375] CoTaskMemAlloc (cb=0x10) returned 0x67c580 [0102.375] GetProcAddress (hModule=0x7ffa13d80000, lpProcName="DefWindowProcW") returned 0x7ffa16814a40 [0102.380] CoTaskMemFree (pv=0x67c580) [0102.400] GetStockObject (i=5) returned 0x1900015 [0102.742] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0102.766] CoTaskMemAlloc (cb=0x4c) returned 0x5b8170 [0102.766] RegisterClassW (lpWndClass=0x14dd70) returned 0xc14b [0102.767] CoTaskMemFree (pv=0x5b8170) [0102.767] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0102.781] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50280 [0102.797] SetWindowLongPtrW (hWnd=0x50280, nIndex=-4, dwNewLong=0x7ffa16814a40) returned 0x2130a4c [0102.871] GetWindowLongPtrW (hWnd=0x50280, nIndex=-4) returned 0x7ffa16814a40 [0102.909] lstrlenW (lpString="䅁") returned 1 [0102.911] GetVersionExW (in: lpVersionInformation=0x14aaf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14aaf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0102.918] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfb8 | out: phkResult=0x14cfb8*=0x268) returned 0x0 [0102.919] RegQueryValueExW (in: hKey=0x268, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x14cf3c, lpData=0x0, lpcbData=0x14cf38*=0x0 | out: lpType=0x14cf3c*=0x0, lpData=0x0, lpcbData=0x14cf38*=0x0) returned 0x2 [0102.920] RegQueryValueExW (in: hKey=0x268, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x14cf3c, lpData=0x0, lpcbData=0x14cf38*=0x0 | out: lpType=0x14cf3c*=0x0, lpData=0x0, lpcbData=0x14cf38*=0x0) returned 0x2 [0102.921] RegCloseKey (hKey=0x268) returned 0x0 [0102.950] SetWindowLongPtrW (hWnd=0x50280, nIndex=-4, dwNewLong=0x2130a9c) returned 0x7ffa16814a40 [0102.950] GetWindowLongPtrW (hWnd=0x50280, nIndex=-4) returned 0x2130a9c [0102.950] GetWindowLongPtrW (hWnd=0x50280, nIndex=-16) returned 0x6c10000 [0103.110] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1da [0103.115] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x50280, Msg=0x24, wParam=0x0, lParam=0x14d750) returned 0x0 [0103.117] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1db [0103.117] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x50280, Msg=0x81, wParam=0x0, lParam=0x14d6d0) returned 0x1 [0103.118] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x50280, Msg=0x83, wParam=0x0, lParam=0x14d770) returned 0x0 [0103.361] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x50280, Msg=0x1, wParam=0x0, lParam=0x14d6d0) returned 0x0 [0103.377] GetClientRect (in: hWnd=0x50280, lpRect=0x14cf00 | out: lpRect=0x14cf00) returned 1 [0103.379] GetWindowRect (in: hWnd=0x50280, lpRect=0x14cf00 | out: lpRect=0x14cf00) returned 1 [0103.726] GetParent (hWnd=0x50280) returned 0x0 [0103.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x64 [0103.767] IsAppThemed () returned 0x1 [0103.774] CoTaskMemAlloc (cb=0xca) returned 0x5dfe00 [0103.774] CreateActCtxA (pActCtx=0x14e3f8) returned 0x5de158 [0103.782] CoTaskMemFree (pv=0x5dfe00) [0103.814] GetCurrentActCtx (in: lphActCtx=0x14edf0 | out: lphActCtx=0x14edf0*=0x0) returned 1 [0103.818] ActivateActCtx (in: hActCtx=0x5de158, lpCookie=0x14ee30 | out: hActCtx=0x5de158, lpCookie=0x14ee30) returned 1 [0104.037] GetCurrentActCtx (in: lphActCtx=0x14e8a0 | out: lphActCtx=0x14e8a0*=0x5de158) returned 1 [0104.073] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0104.073] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x22cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xb0292 [0104.640] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-4, dwNewLong=0x7ffa16814a40) returned 0x2130a4c [0104.641] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-4) returned 0x7ffa16814a40 [0104.641] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-4, dwNewLong=0x2130aec) returned 0x7ffa16814a40 [0104.641] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-4) returned 0x2130aec [0104.641] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-16) returned 0x26cf0000 [0104.656] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x81, wParam=0x0, lParam=0x14ded0) returned 0x1 [0104.662] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x83, wParam=0x0, lParam=0x14df70) returned 0x0 [0104.668] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x1, wParam=0x0, lParam=0x14ded0) returned 0x0 [0104.668] GetClientRect (in: hWnd=0xb0292, lpRect=0x14d6c0 | out: lpRect=0x14d6c0) returned 1 [0104.668] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14d6c0 | out: lpRect=0x14d6c0) returned 1 [0104.694] GetWindowTextLengthW (hWnd=0xb0292) returned 0 [0104.695] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0104.695] GetSystemMetrics (nIndex=42) returned 0 [0104.701] CoTaskMemAlloc (cb=0x6) returned 0x5ceb80 [0104.701] GetWindowTextW (in: hWnd=0xb0292, lpString=0x5ceb80, nMaxCount=1 | out: lpString="") returned 0 [0104.701] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xd, wParam=0x1, lParam=0x5ceb80) returned 0x0 [0104.701] CoTaskMemFree (pv=0x5ceb80) [0104.904] GetProcessWindowStation () returned 0xcc [0104.906] GetUserObjectInformationA (in: hObj=0xcc, nIndex=1, pvInfo=0x24910f0, nLength=0xc, lpnLengthNeeded=0x14d3b0 | out: pvInfo=0x24910f0, lpnLengthNeeded=0x14d3b0) returned 1 [0104.908] SetConsoleCtrlHandler (HandlerRoutine=0x2130b7c, Add=1) returned 1 [0104.910] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0104.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0104.912] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWndClass=0x2491178 | out: lpWndClass=0x2491178) returned 0 [0104.916] CoTaskMemAlloc (cb=0x58) returned 0x5b82f0 [0104.916] RegisterClassW (lpWndClass=0x14d2d0) returned 0xc1d9 [0104.917] CoTaskMemFree (pv=0x5b82f0) [0104.919] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWindowName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x601e0 [0104.920] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x81, wParam=0x0, lParam=0x14cac0) returned 0x1 [0104.921] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x83, wParam=0x0, lParam=0x14cb70) returned 0x0 [0104.921] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x1, wParam=0x0, lParam=0x14ca60) returned 0x0 [0104.922] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0104.922] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0105.058] GetStartupInfoW (in: lpStartupInfo=0x2491768 | out: lpStartupInfo=0x2491768*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0105.072] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x46, wParam=0x0, lParam=0x14df50) returned 0x0 [0105.073] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x83, wParam=0x1, lParam=0x14df20) returned 0x0 [0105.105] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14d9a0 | out: lpwndpl=0x14d9a0) returned 1 [0105.109] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x47, wParam=0x0, lParam=0x14df50) returned 0x0 [0105.112] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0 [0105.112] GetClientRect (in: hWnd=0xb0292, lpRect=0x14cb30 | out: lpRect=0x14cb30) returned 1 [0105.112] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14cb30 | out: lpRect=0x14cb30) returned 1 [0105.112] GetWindowTextLengthW (hWnd=0xb0292) returned 0 [0105.112] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0105.112] GetSystemMetrics (nIndex=42) returned 0 [0105.113] CoTaskMemAlloc (cb=0x6) returned 0x5ce9b0 [0105.113] GetWindowTextW (in: hWnd=0xb0292, lpString=0x5ce9b0, nMaxCount=1 | out: lpString="") returned 0 [0105.113] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xd, wParam=0x1, lParam=0x5ce9b0) returned 0x0 [0105.113] CoTaskMemFree (pv=0x5ce9b0) [0105.132] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0105.136] GetClientRect (in: hWnd=0xb0292, lpRect=0x14d730 | out: lpRect=0x14d730) returned 1 [0105.136] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14d730 | out: lpRect=0x14d730) returned 1 [0105.147] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0105.147] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0105.147] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0105.150] GetParent (hWnd=0xb0292) returned 0x0 [0105.156] GetStockObject (i=5) returned 0x1900015 [0105.156] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0105.156] CoTaskMemAlloc (cb=0x4c) returned 0x5b82f0 [0105.156] RegisterClassW (lpWndClass=0x14e530) returned 0xc1e2 [0105.157] CoTaskMemFree (pv=0x5b82f0) [0105.157] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0105.157] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x60258 [0105.157] SetWindowLongPtrW (hWnd=0x60258, nIndex=-4, dwNewLong=0x7ffa16814a40) returned 0x213079c [0105.158] GetWindowLongPtrW (hWnd=0x60258, nIndex=-4) returned 0x7ffa16814a40 [0105.158] SetWindowLongPtrW (hWnd=0x60258, nIndex=-4, dwNewLong=0x21307ec) returned 0x7ffa16814a40 [0105.158] GetWindowLongPtrW (hWnd=0x60258, nIndex=-4) returned 0x21307ec [0105.158] GetWindowLongPtrW (hWnd=0x60258, nIndex=-16) returned 0x4c00000 [0105.159] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x24, wParam=0x0, lParam=0x14df10) returned 0x0 [0105.159] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x81, wParam=0x0, lParam=0x14de90) returned 0x1 [0105.159] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x83, wParam=0x0, lParam=0x14df30) returned 0x0 [0105.160] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x1, wParam=0x0, lParam=0x14de90) returned 0x0 [0105.161] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-8, dwNewLong=0x60258) returned 0x0 [0105.307] GetSystemMetrics (nIndex=11) returned 32 [0105.307] GetSystemMetrics (nIndex=12) returned 32 [0105.315] GetDC (hWnd=0x0) returned 0xa0100d0 [0105.352] GetDeviceCaps (hdc=0xa0100d0, index=12) returned 32 [0105.352] GetDeviceCaps (hdc=0xa0100d0, index=14) returned 1 [0105.354] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0105.361] GetSystemMetrics (nIndex=49) returned 16 [0105.361] GetSystemMetrics (nIndex=50) returned 16 [0105.364] CreateIconFromResourceEx (presbits=0x2495980, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x70143 [0105.371] SendMessageW (hWnd=0xb0292, Msg=0x80, wParam=0x0, lParam=0x70143) returned 0x0 [0105.371] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x80, wParam=0x0, lParam=0x70143) returned 0x0 [0105.372] SendMessageW (hWnd=0xb0292, Msg=0x80, wParam=0x1, lParam=0xb036d) returned 0x0 [0105.372] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x80, wParam=0x1, lParam=0xb036d) returned 0x0 [0105.375] GetSystemMenu (hWnd=0xb0292, bRevert=0) returned 0x36008b [0105.402] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14e740 | out: lpwndpl=0x14e740) returned 1 [0105.446] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0105.446] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0105.446] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0105.446] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0105.527] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-8, dwNewLong=0x60258) returned 0x60258 [0105.553] SendMessageW (hWnd=0x60258, Msg=0x80, wParam=0x1, lParam=0xb036d) returned 0x0 [0105.553] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x80, wParam=0x1, lParam=0xb036d) returned 0x0 [0105.568] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-16) returned 0x26cf0000 [0105.568] GetWindowTextLengthW (hWnd=0xb0292) returned 0 [0105.568] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0105.568] GetSystemMetrics (nIndex=42) returned 0 [0105.568] CoTaskMemAlloc (cb=0x6) returned 0x5cea00 [0105.568] GetWindowTextW (in: hWnd=0xb0292, lpString=0x5cea00, nMaxCount=1 | out: lpString="") returned 0 [0105.568] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xd, wParam=0x1, lParam=0x5cea00) returned 0x0 [0105.568] CoTaskMemFree (pv=0x5cea00) [0105.568] GetWindowTextLengthW (hWnd=0xb0292) returned 0 [0105.569] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0105.569] GetSystemMetrics (nIndex=42) returned 0 [0105.569] CoTaskMemAlloc (cb=0x6) returned 0x5ceac0 [0105.569] GetWindowTextW (in: hWnd=0xb0292, lpString=0x5ceac0, nMaxCount=1 | out: lpString="") returned 0 [0105.569] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xd, wParam=0x1, lParam=0x5ceac0) returned 0x0 [0105.569] CoTaskMemFree (pv=0x5ceac0) [0105.569] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-16) returned 0x26cf0000 [0105.577] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-20) returned 0x10100 [0105.580] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-16, dwNewLong=0x22cf0000) returned 0x26cf0000 [0105.580] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x14e760) returned 0x0 [0105.581] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x14e760) returned 0x0 [0105.582] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x70143 [0105.594] SetWindowLongPtrW (hWnd=0xb0292, nIndex=-20, dwNewLong=0x10000) returned 0x10100 [0105.594] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x14e760) returned 0x0 [0105.598] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x14e760) returned 0x0 [0105.669] SetWindowPos (hWnd=0xb0292, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0105.669] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x46, wParam=0x0, lParam=0x14e810) returned 0x0 [0105.669] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x83, wParam=0x1, lParam=0x14e7e0) returned 0x0 [0105.671] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14e260 | out: lpwndpl=0x14e260) returned 1 [0105.671] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x47, wParam=0x0, lParam=0x14e810) returned 0x0 [0105.671] GetClientRect (in: hWnd=0xb0292, lpRect=0x14dff0 | out: lpRect=0x14dff0) returned 1 [0105.671] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14dff0 | out: lpRect=0x14dff0) returned 1 [0105.677] RedrawWindow (hWnd=0xb0292, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0105.684] GetSystemMenu (hWnd=0xb0292, bRevert=0) returned 0x36008b [0105.684] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14e740 | out: lpwndpl=0x14e740) returned 1 [0105.684] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0105.684] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0105.684] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0105.684] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0105.684] EnableMenuItem (hMenu=0x36008b, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0105.686] ShowWindow (hWnd=0xb0292, nCmdShow=2) returned 0 [0105.686] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x46, wParam=0x0, lParam=0x14ea60) returned 0x0 [0105.702] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14e4b0 | out: lpwndpl=0x14e4b0) returned 1 [0105.703] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x47, wParam=0x0, lParam=0x14ea60) returned 0x0 [0105.703] GetClientRect (in: hWnd=0xb0292, lpRect=0x14e240 | out: lpRect=0x14e240) returned 1 [0105.703] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14e240 | out: lpRect=0x14e240) returned 1 [0105.716] GetWindowTextLengthW (hWnd=0xb0292) returned 0 [0105.716] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0105.716] GetSystemMetrics (nIndex=42) returned 0 [0105.716] CoTaskMemAlloc (cb=0x6) returned 0x5cea90 [0105.716] GetWindowTextW (in: hWnd=0xb0292, lpString=0x5cea90, nMaxCount=1 | out: lpString="") returned 0 [0105.716] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0xd, wParam=0x1, lParam=0x5cea90) returned 0x0 [0105.716] CoTaskMemFree (pv=0x5cea90) [0105.720] SendMessageW (hWnd=0xb0292, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0105.722] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0105.791] GetWindowThreadProcessId (in: hWnd=0xb0292, lpdwProcessId=0x14e210 | out: lpdwProcessId=0x14e210) returned 0x1128 [0105.791] GetCurrentThreadId () returned 0x1128 [0105.799] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc1e3 [0105.802] PostMessageW (hWnd=0xb0292, Msg=0xc1e3, wParam=0x0, lParam=0x0) returned 1 [0105.896] OleInitialize (pvReserved=0x0) returned 0x0 [0105.904] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x14ebb0 | out: lplpMessageFilter=0x14ebb0*=0x0) returned 0x0 [0105.972] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0105.981] IsWindowUnicode (hWnd=0xb0292) returned 1 [0105.984] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0106.004] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0106.006] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0106.006] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0106.006] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0106.006] IsWindowUnicode (hWnd=0x60258) returned 1 [0106.006] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0106.007] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0106.007] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0106.007] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0106.011] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0106.011] IsWindowUnicode (hWnd=0xb0292) returned 1 [0106.012] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0106.012] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0106.012] DispatchMessageW (lpMsg=0x14eaa0) returned 0x1 [0106.037] GetFocus () returned 0x0 [0106.038] ShowWindow (hWnd=0xb0292, nCmdShow=0) returned 1 [0106.038] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0106.038] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x46, wParam=0x0, lParam=0x14d660) returned 0x0 [0106.041] GetWindowPlacement (in: hWnd=0xb0292, lpwndpl=0x14d0b0 | out: lpwndpl=0x14d0b0) returned 1 [0106.041] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x47, wParam=0x0, lParam=0x14d660) returned 0x0 [0106.041] GetClientRect (in: hWnd=0xb0292, lpRect=0x14ce40 | out: lpRect=0x14ce40) returned 1 [0106.041] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14ce40 | out: lpRect=0x14ce40) returned 1 [0106.042] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0106.042] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x3, wParam=0x0, lParam=0xffffffff83008300) returned 0x0 [0106.042] GetClientRect (in: hWnd=0xb0292, lpRect=0x14cf10 | out: lpRect=0x14cf10) returned 1 [0106.042] GetWindowRect (in: hWnd=0xb0292, lpRect=0x14cf10 | out: lpRect=0x14cf10) returned 1 [0106.083] CoTaskMemAlloc (cb=0x20c) returned 0x5de370 [0106.083] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5de370, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe")) returned 0x62 [0106.084] CoTaskMemFree (pv=0x5de370) [0106.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14d340, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0106.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0106.086] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 1 [0106.170] FindResourceExA (hModule=0x0, lpType=0xa, lpName=0x1, wLanguage=0x0) returned 0x422048 [0106.172] LoadResource (hModule=0x0, hResInfo=0x422048) returned 0x422058 [0106.173] SizeofResource (hModule=0x0, hResInfo=0x422048) returned 0x10808 [0106.174] LockResource (hResData=0x422058) returned 0x422058 [0106.220] GetVersionExW (in: lpVersionInformation=0x14d4f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d4f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0106.250] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x14d780 | out: pfEnabled=0x14d780) returned 0x0 [0106.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0106.940] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0107.081] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="Global\\{48fc9f6c-a1d6-42de-93fe-7ff2a24a16fa}") returned 0x2c8 [0107.107] CoTaskMemAlloc (cb=0x21) returned 0x1b381bd0 [0107.108] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x14d728 | out: phkResult=0x14d728*=0x2cc) returned 0x0 [0107.108] CoTaskMemFree (pv=0x1b381bd0) [0107.114] CoTaskMemAlloc (cb=0xd) returned 0x1b38e7b0 [0107.114] RegQueryValueExA (in: hKey=0x2cc, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x14d6ec, lpData=0x0, lpcbData=0x14d6e8*=0x0 | out: lpType=0x14d6ec*=0x1, lpData=0x0, lpcbData=0x14d6e8*=0x25) returned 0x0 [0107.114] CoTaskMemFree (pv=0x1b38e7b0) [0107.114] CoTaskMemFree (pv=0x0) [0107.114] CoTaskMemAlloc (cb=0xd) returned 0x1b38e170 [0107.114] CoTaskMemAlloc (cb=0x29) returned 0x5c33a0 [0107.114] RegQueryValueExA (in: hKey=0x2cc, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x14d6ec, lpData=0x5c33a0, lpcbData=0x14d6e8*=0x25 | out: lpType=0x14d6ec*=0x1, lpData="03845cb8-7441-4a2f-8c0f-c90408af5778", lpcbData=0x14d6e8*=0x25) returned 0x0 [0107.114] CoTaskMemFree (pv=0x1b38e170) [0107.114] CoTaskMemFree (pv=0x5c33a0) [0107.116] RegCloseKey (hKey=0x2cc) returned 0x0 [0107.119] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6f8 | out: phkResult=0x14d6f8*=0x2cc) returned 0x0 [0107.120] RegQueryValueExW (in: hKey=0x2cc, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x14d67c, lpData=0x0, lpcbData=0x14d678*=0x0 | out: lpType=0x14d67c*=0x4, lpData=0x0, lpcbData=0x14d678*=0x4) returned 0x0 [0107.121] RegQueryValueExW (in: hKey=0x2cc, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x14d680, lpData=0x14d67c, lpcbData=0x14d678*=0x4 | out: lpType=0x14d680*=0x4, lpData=0x14d67c*=0x1, lpcbData=0x14d678*=0x4) returned 0x0 [0107.166] GetVersionExW (in: lpVersionInformation=0x14d5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0107.168] GetCurrentProcess () returned 0xffffffffffffffff [0107.169] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d668 | out: TokenHandle=0x14d668*=0x2d0) returned 1 [0107.172] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d588 | out: TokenInformation=0x0, ReturnLength=0x14d588) returned 0 [0107.172] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x5ce8b0, TokenInformationLength=0x4, ReturnLength=0x14d588 | out: TokenInformation=0x5ce8b0, ReturnLength=0x14d588) returned 1 [0107.174] DuplicateTokenEx (in: hExistingToken=0x2d0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d6e8 | out: phNewToken=0x14d6e8*=0x2d4) returned 1 [0107.174] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d588 | out: TokenInformation=0x0, ReturnLength=0x14d588) returned 0 [0107.174] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x5ce940, TokenInformationLength=0x4, ReturnLength=0x14d588 | out: TokenInformation=0x5ce940, ReturnLength=0x14d588) returned 1 [0107.174] CheckTokenMembership (in: TokenHandle=0x2d4, SidToCheck=0x250e6d0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14d6f8 | out: IsMember=0x14d6f8) returned 1 [0107.174] CloseHandle (hObject=0x2d4) returned 1 [0107.183] GetCurrentProcess () returned 0xffffffffffffffff [0107.298] CoTaskMemAlloc (cb=0x20c) returned 0x5de370 [0107.298] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5de370 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0107.299] CoTaskMemFree (pv=0x5de370) [0107.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0107.301] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", lpFilePart=0x0) returned 0x4a [0107.301] SetErrorMode (uMode=0x1) returned 0x0 [0107.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0107.303] SetErrorMode (uMode=0x0) returned 0x1 [0107.303] SetErrorMode (uMode=0x1) returned 0x0 [0107.303] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7db6d8fb, ftLastAccessTime.dwHighDateTime=0x1d8a741, ftLastWriteTime.dwLowDateTime=0x7db6d8fb, ftLastWriteTime.dwHighDateTime=0x1d8a741, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0107.303] SetErrorMode (uMode=0x0) returned 0x1 [0107.303] SetErrorMode (uMode=0x1) returned 0x0 [0107.303] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.304] SetErrorMode (uMode=0x0) returned 0x1 [0107.304] SetErrorMode (uMode=0x1) returned 0x0 [0107.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0107.304] SetErrorMode (uMode=0x0) returned 0x1 [0107.304] SetErrorMode (uMode=0x1) returned 0x0 [0107.304] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0107.305] SetErrorMode (uMode=0x0) returned 0x1 [0107.305] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), lpSecurityAttributes=0x0) returned 1 [0107.323] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52 [0107.323] SetErrorMode (uMode=0x1) returned 0x0 [0107.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d560 | out: lpFileInformation=0x14d560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0107.324] SetErrorMode (uMode=0x0) returned 0x1 [0107.334] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52 [0107.334] SetErrorMode (uMode=0x1) returned 0x0 [0107.336] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d4 [0107.338] GetFileType (hFile=0x2d4) returned 0x1 [0107.338] SetErrorMode (uMode=0x0) returned 0x1 [0107.338] GetFileType (hFile=0x2d4) returned 0x1 [0107.341] WriteFile (in: hFile=0x2d4, lpBuffer=0x2511238*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x14d558, lpOverlapped=0x0 | out: lpBuffer=0x2511238*, lpNumberOfBytesWritten=0x14d558*=0x8, lpOverlapped=0x0) returned 1 [0107.343] CloseHandle (hObject=0x2d4) returned 1 [0107.404] CoTaskMemAlloc (cb=0x20c) returned 0x5de590 [0107.404] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5de590 | out: pszPath="C:\\Program Files") returned 0x0 [0107.406] CoTaskMemFree (pv=0x5de590) [0107.406] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x14d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0107.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", lpFilePart=0x0) returned 0x5d [0107.421] SetErrorMode (uMode=0x1) returned 0x0 [0107.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\exceptions\\1.2.2.0"), fInfoLevelId=0x0, lpFileInformation=0x14d640 | out: lpFileInformation=0x14d640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0107.421] SetErrorMode (uMode=0x0) returned 0x1 [0107.598] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service", lpFilePart=0x0) returned 0x1c [0107.598] SetErrorMode (uMode=0x1) returned 0x0 [0107.598] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service" (normalized: "c:\\program files\\agp service"), fInfoLevelId=0x0, lpFileInformation=0x14d550 | out: lpFileInformation=0x14d550*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0107.599] SetErrorMode (uMode=0x0) returned 0x1 [0107.599] SetErrorMode (uMode=0x1) returned 0x0 [0107.599] GetFileAttributesExW (in: lpFileName="C:\\Program Files" (normalized: "c:\\program files"), fInfoLevelId=0x0, lpFileInformation=0x14d550 | out: lpFileInformation=0x14d550*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x9050d1cb, ftLastAccessTime.dwHighDateTime=0x1d8a741, ftLastWriteTime.dwLowDateTime=0x9050d1cb, ftLastWriteTime.dwHighDateTime=0x1d8a741, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0107.599] SetErrorMode (uMode=0x0) returned 0x1 [0107.599] CreateDirectoryW (lpPathName="C:\\Program Files\\AGP Service" (normalized: "c:\\program files\\agp service"), lpSecurityAttributes=0x0) returned 1 [0107.613] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0107.614] SetErrorMode (uMode=0x1) returned 0x0 [0107.614] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe"), fInfoLevelId=0x0, lpFileInformation=0x14d5a0 | out: lpFileInformation=0x14d5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0107.614] SetErrorMode (uMode=0x0) returned 0x1 [0107.614] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0107.615] DeleteFileW (lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe")) returned 0 [0107.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0107.652] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0107.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0107.653] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0107.654] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe"), lpNewFileName="C:\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe"), bFailIfExists=1) returned 1 [0109.065] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14d7e8 | out: phkResult=0x14d7e8*=0x2d4) returned 0x0 [0109.072] RegQueryValueExW (in: hKey=0x2d4, lpValueName="AGP Service", lpReserved=0x0, lpType=0x14d6fc, lpData=0x0, lpcbData=0x14d6f8*=0x0 | out: lpType=0x14d6fc*=0x0, lpData=0x0, lpcbData=0x14d6f8*=0x0) returned 0x2 [0109.079] RegSetValueExW (in: hKey=0x2d4, lpValueName="AGP Service", Reserved=0x0, dwType=0x1, lpData="C:\\Program Files\\AGP Service\\agpsvc.exe", cbData=0x50 | out: lpData="C:\\Program Files\\AGP Service\\agpsvc.exe") returned 0x0 [0109.098] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14d788 | out: phkResult=0x14d788*=0x2dc) returned 0x0 [0109.098] RegQueryValueExW (in: hKey=0x2dc, lpValueName="AGP Service", lpReserved=0x0, lpType=0x14d70c, lpData=0x0, lpcbData=0x14d708*=0x0 | out: lpType=0x14d70c*=0x0, lpData=0x0, lpcbData=0x14d708*=0x0) returned 0x2 [0109.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0109.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x61 [0109.156] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\AGP Service\\agpsvc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\agp service\\agpsvc.exe")) returned 0 [0109.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x14d300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0109.899] CoTaskMemAlloc (cb=0x74) returned 0x633b50 [0109.900] DeleteFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe:Zone.Identifier" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe:zone.identifier")) returned 0 [0109.900] CoTaskMemFree (pv=0x633b50) [0109.985] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14c890 | out: TokenHandle=0x14c890*=0x368) returned 1 [0109.985] AdjustTokenPrivileges (in: TokenHandle=0x368, DisableAllPrivileges=0, NewState=0x253f1e0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0109.987] CloseHandle (hObject=0x368) returned 1 [0109.987] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14d7d0 | out: TokenHandle=0x14d7d0*=0x368) returned 1 [0109.987] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14d7b0 | out: lpLuid=0x14d7b0*(LowPart=0x14, HighPart=0)) returned 1 [0109.988] AdjustTokenPrivileges (in: TokenHandle=0x368, DisableAllPrivileges=0, NewState=0x253f200*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0109.988] CloseHandle (hObject=0x368) returned 1 [0109.993] GetCurrentProcess () returned 0xffffffffffffffff [0109.993] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14d7d0 | out: TokenHandle=0x14d7d0*=0x368) returned 1 [0109.993] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14d7b0 | out: lpLuid=0x14d7b0*(LowPart=0x14, HighPart=0)) returned 1 [0109.994] AdjustTokenPrivileges (in: TokenHandle=0x368, DisableAllPrivileges=0, NewState=0x253f220*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0109.994] CloseHandle (hObject=0x368) returned 1 [0110.000] GetSystemInfo (in: lpSystemInfo=0x14c840 | out: lpSystemInfo=0x14c840*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0110.181] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56 [0110.181] SetErrorMode (uMode=0x1) returned 0x0 [0110.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d3f0 | out: lpFileInformation=0x14d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.181] SetErrorMode (uMode=0x0) returned 0x1 [0110.232] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", lpFilePart=0x0) returned 0x56 [0110.232] SetErrorMode (uMode=0x1) returned 0x0 [0110.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\storage.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.233] SetErrorMode (uMode=0x0) returned 0x1 [0110.709] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e00, lpName=0x0) returned 0x38c [0110.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0110.853] SetErrorMode (uMode=0x1) returned 0x0 [0110.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x14d5d0 | out: lpFileInformation=0x14d5d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.854] SetErrorMode (uMode=0x0) returned 0x1 [0110.875] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x14a9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57 [0110.876] SetErrorMode (uMode=0x1) returned 0x0 [0110.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak"), fInfoLevelId=0x0, lpFileInformation=0x14abf0 | out: lpFileInformation=0x14abf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.876] SetErrorMode (uMode=0x0) returned 0x1 [0111.052] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13200, lpName=0x0) returned 0x3a8 [0111.311] CoTaskMemAlloc (cb=0x204) returned 0x1b3c54a0 [0111.311] GetUserNameW (in: lpBuffer=0x1b3c54a0, pcbBuffer=0x14c9e8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x14c9e8) returned 1 [0111.320] CoTaskMemFree (pv=0x1b3c54a0) [0111.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", nBufferLength=0x105, lpBuffer=0x14c600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", lpFilePart=0x0) returned 0x5c [0111.399] SetErrorMode (uMode=0x1) returned 0x0 [0111.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0111.399] SetErrorMode (uMode=0x0) returned 0x1 [0111.399] SetErrorMode (uMode=0x1) returned 0x0 [0111.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0111.400] SetErrorMode (uMode=0x0) returned 0x1 [0111.400] SetErrorMode (uMode=0x1) returned 0x0 [0111.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5f456f1, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe5f91b8d, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f91b8d, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.400] SetErrorMode (uMode=0x0) returned 0x1 [0111.400] SetErrorMode (uMode=0x1) returned 0x0 [0111.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe5f456f1, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f456f1, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0111.401] SetErrorMode (uMode=0x0) returned 0x1 [0111.401] SetErrorMode (uMode=0x1) returned 0x0 [0111.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0111.401] SetErrorMode (uMode=0x0) returned 0x1 [0111.401] SetErrorMode (uMode=0x1) returned 0x0 [0111.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0111.401] SetErrorMode (uMode=0x0) returned 0x1 [0111.401] SetErrorMode (uMode=0x1) returned 0x0 [0111.401] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0111.401] SetErrorMode (uMode=0x0) returned 0x1 [0111.402] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs"), lpSecurityAttributes=0x0) returned 1 [0111.403] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 1 [0111.505] SetErrorMode (uMode=0x1) returned 0x0 [0111.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x143650 | out: lpFileInformation=0x143650*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0111.505] SetErrorMode (uMode=0x0) returned 0x1 [0111.550] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3000, lpName=0x0) returned 0x3b8 [0111.963] GetWindowThreadProcessId (in: hWnd=0xb0292, lpdwProcessId=0x14c900 | out: lpdwProcessId=0x14c900) returned 0x1128 [0111.963] GetCurrentThreadId () returned 0x1128 [0111.977] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0111.977] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x60082 [0111.981] SetWindowLongPtrW (hWnd=0x60082, nIndex=-4, dwNewLong=0x7ffa16814a40) returned 0x213079c [0111.982] GetWindowLongPtrW (hWnd=0x60082, nIndex=-4) returned 0x7ffa16814a40 [0111.982] SetWindowLongPtrW (hWnd=0x60082, nIndex=-4, dwNewLong=0x1b5f24cc) returned 0x7ffa16814a40 [0111.982] GetWindowLongPtrW (hWnd=0x60082, nIndex=-4) returned 0x1b5f24cc [0111.982] GetWindowLongPtrW (hWnd=0x60082, nIndex=-16) returned 0x4c00000 [0111.985] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x24, wParam=0x0, lParam=0x14bfc0) returned 0x0 [0111.985] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x81, wParam=0x0, lParam=0x14bf40) returned 0x1 [0111.986] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x83, wParam=0x0, lParam=0x14bfe0) returned 0x0 [0111.988] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x1, wParam=0x0, lParam=0x14bf40) returned 0x0 [0111.992] CoTaskMemAlloc (cb=0x10) returned 0x1b3be7b0 [0111.992] RegisterRawInputDevices (pRawInputDevices=0x1b3be7b0, uiNumDevices=0x1, cbSize=0x10) returned 1 [0111.993] CoTaskMemFree (pv=0x1b3be7b0) [0111.995] SetClipboardViewer (hWndNewViewer=0x60082) returned 0x0 [0111.996] SendMessageA (hWnd=0x0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0111.996] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0112.015] CoCreateGuid (in: pguid=0x14d8f0 | out: pguid=0x14d8f0*(Data1=0x96471173, Data2=0xc24f, Data3=0x439c, Data4=([0]=0x99, [1]=0x3f, [2]=0x81, [3]=0x26, [4]=0x84, [5]=0x7b, [6]=0x67, [7]=0xe5))) returned 0x0 [0112.046] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x14c778 | out: phkResult=0x14c778*=0x3bc) returned 0x0 [0112.046] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c6fc, lpData=0x0, lpcbData=0x14c6f8*=0x0 | out: lpType=0x14c6fc*=0x1, lpData=0x0, lpcbData=0x14c6f8*=0xe) returned 0x0 [0112.047] CoTaskMemAlloc (cb=0x12) returned 0x1b3be670 [0112.047] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c6cc, lpData=0x1b3be670, lpcbData=0x14c6c8*=0xe | out: lpType=0x14c6cc*=0x1, lpData="Client", lpcbData=0x14c6c8*=0xe) returned 0x0 [0112.047] CoTaskMemFree (pv=0x1b3be670) [0112.047] RegCloseKey (hKey=0x3bc) returned 0x0 [0112.104] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0112.104] IsWindowUnicode (hWnd=0x60082) returned 1 [0112.104] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0112.104] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0112.104] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0112.104] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0112.104] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0112.111] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0112.111] WaitMessage () returned 1 [0121.870] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0121.871] IsWindowUnicode (hWnd=0xb0292) returned 1 [0121.871] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0121.871] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0121.871] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0121.873] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0121.873] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0121.873] WaitMessage () returned 1 [0129.230] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0129.230] IsWindowUnicode (hWnd=0x60082) returned 1 [0129.230] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0129.230] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0129.230] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0129.516] GetRawInputData (in: hRawInput=0x1100d3, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0129.522] GetKeyboardState (in: lpKeyState=0x24a8668 | out: lpKeyState=0x24a8668) returned 1 [0130.317] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x1100d3) returned 0x0 [0130.323] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.323] IsWindowUnicode (hWnd=0x60082) returned 1 [0130.324] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.324] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0130.324] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0130.324] GetRawInputData (in: hRawInput=0x60149, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0130.324] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x60149) returned 0x0 [0130.324] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.324] IsWindowUnicode (hWnd=0x60082) returned 1 [0130.324] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.324] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0130.324] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0130.324] GetRawInputData (in: hRawInput=0xa0139, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0130.324] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0xa0139) returned 0x0 [0130.324] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.324] IsWindowUnicode (hWnd=0x60082) returned 1 [0130.324] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.324] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0130.324] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0130.325] GetRawInputData (in: hRawInput=0x20010f, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0130.325] GetKeyboardState (in: lpKeyState=0x24a8668 | out: lpKeyState=0x24a8668) returned 1 [0130.325] MapVirtualKeyExA (uCode=0x12, uMapType=0x2, dwhkl=0x4090409) returned 0x0 [0130.325] ToUnicodeEx (in: wVirtKey=0x12, wScanCode=0x38, lpKeyState=0x24a8668, pwszBuff=0x24a8648, cchBuff=2, wFlags=0x0, dwhkl=0x4090409 | out: pwszBuff="") returned 0 [0130.325] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x20010f) returned 0x0 [0130.325] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.325] IsWindowUnicode (hWnd=0x60082) returned 1 [0130.325] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0130.325] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0130.325] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0130.325] GetRawInputData (in: hRawInput=0xf02a3, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0130.325] GetKeyboardState (in: lpKeyState=0x24a8668 | out: lpKeyState=0x24a8668) returned 1 [0130.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX\\KB_26088703.dat", nBufferLength=0x105, lpBuffer=0x14dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX\\KB_26088703.dat", lpFilePart=0x0) returned 0x6c [0130.641] SetErrorMode (uMode=0x1) returned 0x0 [0130.642] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX\\KB_26088703.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx\\kb_26088703.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x488 [0130.658] GetFileType (hFile=0x488) returned 0x1 [0130.658] SetErrorMode (uMode=0x0) returned 0x1 [0130.658] GetFileType (hFile=0x488) returned 0x1 [0131.160] WriteFile (in: hFile=0x488, lpBuffer=0x26c8d88*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x14e1f8, lpOverlapped=0x0 | out: lpBuffer=0x26c8d88*, lpNumberOfBytesWritten=0x14e1f8*=0x5, lpOverlapped=0x0) returned 1 [0131.162] GetFileSize (in: hFile=0x488, lpFileSizeHigh=0x14e338 | out: lpFileSizeHigh=0x14e338*=0x0) returned 0x5 [0131.162] WriteFile (in: hFile=0x488, lpBuffer=0x26c8d88*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x14e1f8, lpOverlapped=0x0 | out: lpBuffer=0x26c8d88*, lpNumberOfBytesWritten=0x14e1f8*=0x17, lpOverlapped=0x0) returned 1 [0131.162] GetFileSize (in: hFile=0x488, lpFileSizeHigh=0x14e338 | out: lpFileSizeHigh=0x14e338*=0x0) returned 0x1c [0131.436] WriteFile (in: hFile=0x488, lpBuffer=0x26c8d88*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14e298, lpOverlapped=0x0 | out: lpBuffer=0x26c8d88*, lpNumberOfBytesWritten=0x14e298*=0x2, lpOverlapped=0x0) returned 1 [0131.436] GetFileSize (in: hFile=0x488, lpFileSizeHigh=0x14e3d8 | out: lpFileSizeHigh=0x14e3d8*=0x0) returned 0x1e [0131.436] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0xf02a3) returned 0x0 [0131.436] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.557] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.557] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.557] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.558] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.558] GetRawInputData (in: hRawInput=0x8013f, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.558] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x8013f) returned 0x0 [0131.558] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.558] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.558] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.558] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.558] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.558] GetRawInputData (in: hRawInput=0xc00b3, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.558] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0xc00b3) returned 0x0 [0131.558] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.558] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.558] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.558] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.558] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.558] GetRawInputData (in: hRawInput=0x20377, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.558] GetKeyboardState (in: lpKeyState=0x24a8668 | out: lpKeyState=0x24a8668) returned 1 [0131.558] MapVirtualKeyExA (uCode=0x27, uMapType=0x2, dwhkl=0x4090409) returned 0x0 [0131.559] ToUnicodeEx (in: wVirtKey=0x27, wScanCode=0x4d, lpKeyState=0x24a8668, pwszBuff=0x24a8648, cchBuff=2, wFlags=0x0, dwhkl=0x4090409 | out: pwszBuff="") returned 0 [0131.559] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x20377) returned 0x0 [0131.559] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.559] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.559] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.559] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.559] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.559] GetRawInputData (in: hRawInput=0x10379, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.559] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x10379) returned 0x0 [0131.559] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.559] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.559] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.559] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.559] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.559] GetRawInputData (in: hRawInput=0x1037b, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.559] GetKeyboardState (in: lpKeyState=0x24a8668 | out: lpKeyState=0x24a8668) returned 1 [0131.559] WriteFile (in: hFile=0x488, lpBuffer=0x26c8d88*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x14e1f8, lpOverlapped=0x0 | out: lpBuffer=0x26c8d88*, lpNumberOfBytesWritten=0x14e1f8*=0x2b, lpOverlapped=0x0) returned 1 [0131.560] GetFileSize (in: hFile=0x488, lpFileSizeHigh=0x14e338 | out: lpFileSizeHigh=0x14e338*=0x0) returned 0x49 [0131.561] WriteFile (in: hFile=0x488, lpBuffer=0x26c8d88*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14e298, lpOverlapped=0x0 | out: lpBuffer=0x26c8d88*, lpNumberOfBytesWritten=0x14e298*=0x2, lpOverlapped=0x0) returned 1 [0131.562] GetFileSize (in: hFile=0x488, lpFileSizeHigh=0x14e3d8 | out: lpFileSizeHigh=0x14e3d8*=0x0) returned 0x4b [0131.562] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x1037b) returned 0x0 [0131.562] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.562] IsWindowUnicode (hWnd=0x60082) returned 1 [0131.562] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0131.562] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0131.562] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0131.562] GetRawInputData (in: hRawInput=0x1037d, uiCommand=0x10000003, pData=0x14e488, pcbSize=0x14e480, cbSizeHeader=0x18 | out: pData=0x14e488, pcbSize=0x14e480) returned 0x28 [0131.562] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0xff, wParam=0x1, lParam=0x1037d) returned 0x0 [0131.562] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0131.562] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0131.562] WaitMessage () returned 1 [0132.455] PeekMessageW (lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0) [0132.455] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1 [0132.456] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0132.456] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0134.688] GetCurrentProcess () returned 0xffffffffffffffff [0134.688] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14da30 | out: TokenHandle=0x14da30*=0x490) returned 1 [0134.688] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14da10 | out: lpLuid=0x14da10*(LowPart=0x14, HighPart=0)) returned 1 [0134.692] AdjustTokenPrivileges (in: TokenHandle=0x490, DisableAllPrivileges=0, NewState=0x2626e68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0134.692] CloseHandle (hObject=0x490) returned 1 [0134.692] NtSetInformationProcess (ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1d, ProcessInformation=0x14daf0, ProcessInformationLength=0x4) returned 0x0 [0134.692] GetCurrentProcess () returned 0xffffffffffffffff [0134.693] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14da30 | out: TokenHandle=0x14da30*=0x490) returned 1 [0134.693] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14da10 | out: lpLuid=0x14da10*(LowPart=0x14, HighPart=0)) returned 1 [0134.693] AdjustTokenPrivileges (in: TokenHandle=0x490, DisableAllPrivileges=0, NewState=0x2626e88*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0134.694] CloseHandle (hObject=0x490) returned 1 [0135.363] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0135.363] SetErrorMode (uMode=0x1) returned 0x0 [0135.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x14d8a0 | out: lpFileInformation=0x14d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0135.364] SetErrorMode (uMode=0x0) returned 0x1 [0135.364] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0135.364] SetErrorMode (uMode=0x1) returned 0x0 [0135.364] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x490 [0135.366] GetFileType (hFile=0x490) returned 0x1 [0135.366] SetErrorMode (uMode=0x0) returned 0x1 [0135.366] GetFileType (hFile=0x490) returned 0x1 [0135.366] WriteFile (in: hFile=0x490, lpBuffer=0x26510a8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x14d898, lpOverlapped=0x0 | out: lpBuffer=0x26510a8*, lpNumberOfBytesWritten=0x14d898*=0x8, lpOverlapped=0x0) returned 1 [0135.367] CloseHandle (hObject=0x490) returned 1 [0135.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57 [0135.369] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak")) returned 0 [0135.453] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x1c, wParam=0x1, lParam=0xe14) returned 0x0 [0135.453] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x1c, wParam=0x1, lParam=0xe14) returned 0x0 [0135.454] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x1c, wParam=0x1, lParam=0xe14) returned 0x0 [0135.454] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x1c, wParam=0x1, lParam=0xe14) returned 0x0 [0135.454] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0135.458] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0135.475] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0135.481] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0135.481] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0135.481] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0135.482] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x6, wParam=0x0, lParam=0x0) returned 0x0 [0135.482] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x1c, wParam=0x0, lParam=0xe64) returned 0x0 [0135.482] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x1c, wParam=0x0, lParam=0xe64) returned 0x0 [0135.483] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x1c, wParam=0x0, lParam=0xe64) returned 0x0 [0135.483] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x1c, wParam=0x0, lParam=0xe64) returned 0x0 [0135.483] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0 [0135.483] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0 [0135.483] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0 [0135.484] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x3b, wParam=0x50c, lParam=0x0) returned 0x2 [0135.484] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60082, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0135.484] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0135.484] NtdllDefWindowProc_W (hWnd=0x601e0, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0135.874] DestroyCursor (hCursor=0x70143) returned 1 [0136.080] GetWindowLongPtrW (hWnd=0xb0292, nIndex=-20) returned 0x10100 [0136.089] DestroyWindow (hWnd=0xb0292) returned 1 [0136.089] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0136.329] PostThreadMessageW (idThread=0x1128, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0136.331] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0136.373] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0xb0292, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0136.373] DestroyWindow (hWnd=0x60258) returned 1 [0136.374] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0136.374] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0136.376] CallWindowProcW (lpPrevWndFunc=0x7ffa16814a40, hWnd=0x60258, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 Thread: id = 2 os_tid = 0x1028 Thread: id = 3 os_tid = 0x10d8 Thread: id = 4 os_tid = 0x11bc [0094.546] CoGetContextToken (in: pToken=0x1ad5f730 | out: pToken=0x1ad5f730) returned 0x800401f0 [0094.547] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0111.825] LocalFree (hMem=0x5ce8b0) returned 0x0 [0111.826] LocalFree (hMem=0x5ce940) returned 0x0 [0111.826] RegCloseKey (hKey=0x2dc) returned 0x0 [0111.826] CloseHandle (hObject=0x2d0) returned 1 [0111.826] RegCloseKey (hKey=0x2cc) returned 0x0 [0111.827] RegCloseKey (hKey=0x2d4) returned 0x0 [0119.272] CloseHandle (hObject=0x3f0) returned 1 [0119.272] CloseHandle (hObject=0x3f8) returned 1 [0119.272] CloseHandle (hObject=0x3ec) returned 1 [0119.273] CloseHandle (hObject=0x3d4) returned 1 [0119.274] CloseHandle (hObject=0x3f4) returned 1 [0121.927] CloseHandle (hObject=0x41c) returned 1 [0121.927] CloseHandle (hObject=0x418) returned 1 [0121.928] CloseHandle (hObject=0x3f4) returned 1 [0122.707] CloseHandle (hObject=0x3fc) returned 1 [0122.707] CloseHandle (hObject=0x3cc) returned 1 Thread: id = 5 os_tid = 0xac0 [0110.053] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0130.839] SetThreadExecutionState (esFlags=0xffffffff80000001) returned 0x80000000 Thread: id = 6 os_tid = 0x1cc [0110.896] CoGetContextToken (in: pToken=0x1b8efc10 | out: pToken=0x1b8efc10) returned 0x0 [0110.896] CObjectContext::QueryInterface () returned 0x0 [0110.896] CObjectContext::GetCurrentThreadType () returned 0x0 [0110.896] Release () returned 0x0 [0110.897] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 7 os_tid = 0x644 Thread: id = 8 os_tid = 0x111c [0112.049] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0113.297] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config", nBufferLength=0x105, lpBuffer=0x1bbcebb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config", lpFilePart=0x0) returned 0x69 [0113.298] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x1bbceb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0114.010] GetCurrentProcess () returned 0xffffffffffffffff [0114.010] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcec78 | out: TokenHandle=0x1bbcec78*=0x3cc) returned 1 [0114.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1bbce8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0114.230] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1bbced20 | out: lpFileInformation=0x1bbced20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe007f322, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdda88158, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe842278f, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0114.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1bbce870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0114.269] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1bbcecd0 | out: lpFileInformation=0x1bbcecd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe007f322, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdda88158, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe842278f, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0114.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1bbce6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0114.269] SetErrorMode (uMode=0x1) returned 0x0 [0114.270] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0114.270] GetFileType (hFile=0x3d4) returned 0x1 [0114.270] SetErrorMode (uMode=0x0) returned 0x1 [0114.270] GetFileType (hFile=0x3d4) returned 0x1 [0114.532] GetFileSize (in: hFile=0x3d4, lpFileSizeHigh=0x1bbcecc8 | out: lpFileSizeHigh=0x1bbcecc8*=0x0) returned 0x65b3 [0114.534] ReadFile (in: hFile=0x3d4, lpBuffer=0x253d7e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbcebe8, lpOverlapped=0x0 | out: lpBuffer=0x253d7e8*, lpNumberOfBytesRead=0x1bbcebe8*=0x1000, lpOverlapped=0x0) returned 1 [0117.227] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce8c8, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce8c8*=0x1000, lpOverlapped=0x0) returned 1 [0117.368] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce718, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce718*=0x1000, lpOverlapped=0x0) returned 1 [0117.368] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce718, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce718*=0x1000, lpOverlapped=0x0) returned 1 [0117.368] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce718, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce718*=0x1000, lpOverlapped=0x0) returned 1 [0117.972] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce868, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce868*=0x1000, lpOverlapped=0x0) returned 1 [0117.973] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce688, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce688*=0x5b3, lpOverlapped=0x0) returned 1 [0117.973] ReadFile (in: hFile=0x3d4, lpBuffer=0x251fda8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bbce838, lpOverlapped=0x0 | out: lpBuffer=0x251fda8*, lpNumberOfBytesRead=0x1bbce838*=0x0, lpOverlapped=0x0) returned 1 [0117.981] CloseHandle (hObject=0x3d4) returned 1 [0117.987] GetCurrentProcess () returned 0xffffffffffffffff [0117.987] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbceec8 | out: TokenHandle=0x1bbceec8*=0x3d4) returned 1 [0117.989] GetCurrentProcess () returned 0xffffffffffffffff [0117.989] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbceec8 | out: TokenHandle=0x1bbceec8*=0x3ec) returned 1 [0117.990] GetCurrentProcess () returned 0xffffffffffffffff [0117.990] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcec78 | out: TokenHandle=0x1bbcec78*=0x3f0) returned 1 [0117.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1bbced20 | out: lpFileInformation=0x1bbced20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0117.991] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config", nBufferLength=0x105, lpBuffer=0x1bbce870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config", lpFilePart=0x0) returned 0x69 [0117.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1bbcecd0 | out: lpFileInformation=0x1bbcecd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0117.993] GetCurrentProcess () returned 0xffffffffffffffff [0117.993] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbceec8 | out: TokenHandle=0x1bbceec8*=0x3f4) returned 1 [0117.994] GetCurrentProcess () returned 0xffffffffffffffff [0117.994] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbceec8 | out: TokenHandle=0x1bbceec8*=0x3f8) returned 1 [0118.307] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcebc8 | out: TokenHandle=0x1bbcebc8*=0x3fc) returned 1 [0119.476] GetCurrentProcess () returned 0xffffffffffffffff [0119.477] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcebc8 | out: TokenHandle=0x1bbcebc8*=0x3f4) returned 1 [0119.570] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1bbcf348 | out: lpWSAData=0x1bbcf348) returned 0 [0119.582] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x418 [0119.599] setsockopt (s=0x418, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0119.600] closesocket (s=0x418) returned 0 [0119.601] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x418 [0119.602] setsockopt (s=0x418, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0119.602] closesocket (s=0x418) returned 0 [0119.610] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcec58 | out: TokenHandle=0x1bbcec58*=0x418) returned 1 [0119.627] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1bbcec58 | out: TokenHandle=0x1bbcec58*=0x41c) returned 1 [0119.854] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x1bbceb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 [0119.868] GetCurrentProcessId () returned 0x1120 [0119.877] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0119.878] GetComputerNameW (in: lpBuffer=0x1b3ca530, nSize=0x25d72a0 | out: lpBuffer="XC64ZB", nSize=0x25d72a0) returned 1 [0119.878] CoTaskMemFree (pv=0x1b3ca530) [0119.879] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bbcf0a8 | out: phkResult=0x1bbcf0a8*=0x420) returned 0x0 [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="Library", lpReserved=0x0, lpType=0x1bbcf00c, lpData=0x0, lpcbData=0x1bbcf008*=0x0 | out: lpType=0x1bbcf00c*=0x2, lpData=0x0, lpcbData=0x1bbcf008*=0x48) returned 0x0 [0119.881] CoTaskMemAlloc (cb=0x4c) returned 0x1b3c0cd0 [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="Library", lpReserved=0x0, lpType=0x1bbcefdc, lpData=0x1b3c0cd0, lpcbData=0x1bbcefd8*=0x48 | out: lpType=0x1bbcefdc*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x1bbcefd8*=0x48) returned 0x0 [0119.881] CoTaskMemFree (pv=0x1b3c0cd0) [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1bbcf02c, lpData=0x0, lpcbData=0x1bbcf028*=0x0 | out: lpType=0x1bbcf02c*=0x4, lpData=0x0, lpcbData=0x1bbcf028*=0x4) returned 0x0 [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1bbcf030, lpData=0x1bbcf02c, lpcbData=0x1bbcf028*=0x4 | out: lpType=0x1bbcf030*=0x4, lpData=0x1bbcf02c*=0x1, lpcbData=0x1bbcf028*=0x4) returned 0x0 [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="First Counter", lpReserved=0x0, lpType=0x1bbcf02c, lpData=0x0, lpcbData=0x1bbcf028*=0x0 | out: lpType=0x1bbcf02c*=0x4, lpData=0x0, lpcbData=0x1bbcf028*=0x4) returned 0x0 [0119.881] RegQueryValueExW (in: hKey=0x420, lpValueName="First Counter", lpReserved=0x0, lpType=0x1bbcf030, lpData=0x1bbcf02c, lpcbData=0x1bbcf028*=0x4 | out: lpType=0x1bbcf030*=0x4, lpData=0x1bbcf02c*=0x1770, lpcbData=0x1bbcf028*=0x4) returned 0x0 [0119.881] RegCloseKey (hKey=0x420) returned 0x0 [0119.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bbcf068 | out: phkResult=0x1bbcf068*=0x420) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1bbcefec, lpData=0x0, lpcbData=0x1bbcefe8*=0x0 | out: lpType=0x1bbcefec*=0x4, lpData=0x0, lpcbData=0x1bbcefe8*=0x4) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1bbceff0, lpData=0x1bbcefec, lpcbData=0x1bbcefe8*=0x4 | out: lpType=0x1bbceff0*=0x4, lpData=0x1bbcefec*=0x3, lpcbData=0x1bbcefe8*=0x4) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1bbcefec, lpData=0x0, lpcbData=0x1bbcefe8*=0x0 | out: lpType=0x1bbcefec*=0x4, lpData=0x0, lpcbData=0x1bbcefe8*=0x4) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1bbceff0, lpData=0x1bbcefec, lpcbData=0x1bbcefe8*=0x4 | out: lpType=0x1bbceff0*=0x4, lpData=0x1bbcefec*=0x20000, lpcbData=0x1bbcefe8*=0x4) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1bbcefec, lpData=0x0, lpcbData=0x1bbcefe8*=0x0 | out: lpType=0x1bbcefec*=0x3, lpData=0x0, lpcbData=0x1bbcefe8*=0xaa) returned 0x0 [0119.884] RegQueryValueExW (in: hKey=0x420, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1bbcefec, lpData=0x25da508, lpcbData=0x1bbcefe8*=0xaa | out: lpType=0x1bbcefec*=0x3, lpData=0x25da508*, lpcbData=0x1bbcefe8*=0xaa) returned 0x0 [0119.892] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1bbcefa0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x42c [0119.893] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1bd40000 [0119.894] VirtualQuery (in: lpAddress=0x1bd40000, lpBuffer=0x1bbcef98, dwLength=0x30 | out: lpBuffer=0x1bbcef98*(BaseAddress=0x1bd40000, AllocationBase=0x1bd40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30 [0119.894] LocalFree (hMem=0x1b3ce3c0) returned 0x0 [0119.895] RegCloseKey (hKey=0x420) returned 0x0 [0119.896] GetVersionExW (in: lpVersionInformation=0x1bbcdf70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1bbcdf70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0119.896] GetVersionExW (in: lpVersionInformation=0x1bbcdf40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1bbcdf40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0119.897] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25db058, cbSid=0x1bbcef80 | out: pSid=0x25db058*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef80) returned 1 [0119.898] CreateMutexW (lpMutexAttributes=0x25db260, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.900] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.900] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25db578, cbSid=0x1bbceee0 | out: pSid=0x25db578*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbceee0) returned 1 [0119.900] CreateMutexW (lpMutexAttributes=0x25db730, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0119.900] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x430 [0119.901] WaitForSingleObject (hHandle=0x430, dwMilliseconds=0x1f4) returned 0x0 [0119.902] ReleaseMutex (hMutex=0x430) returned 1 [0119.902] CloseHandle (hObject=0x430) returned 1 [0119.903] GetCurrentProcessId () returned 0x1120 [0119.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1120) returned 0x0 [0119.904] ReleaseMutex (hMutex=0x420) returned 1 [0119.904] CloseHandle (hObject=0x420) returned 1 [0119.905] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25dc408, cbSid=0x1bbcef80 | out: pSid=0x25dc408*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef80) returned 1 [0119.905] CreateMutexW (lpMutexAttributes=0x25dc5c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.905] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.906] ReleaseMutex (hMutex=0x420) returned 1 [0119.906] CloseHandle (hObject=0x420) returned 1 [0119.906] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25dd090, cbSid=0x1bbcef80 | out: pSid=0x25dd090*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef80) returned 1 [0119.906] CreateMutexW (lpMutexAttributes=0x25dd248, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.906] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.907] ReleaseMutex (hMutex=0x420) returned 1 [0119.907] CloseHandle (hObject=0x420) returned 1 [0119.907] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25ddd10, cbSid=0x1bbcef80 | out: pSid=0x25ddd10*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef80) returned 1 [0119.907] CreateMutexW (lpMutexAttributes=0x25ddec8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.907] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.908] ReleaseMutex (hMutex=0x420) returned 1 [0119.908] CloseHandle (hObject=0x420) returned 1 [0119.908] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25de988, cbSid=0x1bbcef80 | out: pSid=0x25de988*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef80) returned 1 [0119.908] CreateMutexW (lpMutexAttributes=0x25deb40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.908] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.909] ReleaseMutex (hMutex=0x420) returned 1 [0119.909] CloseHandle (hObject=0x420) returned 1 [0119.911] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25df5f8, cbSid=0x1bbcef30 | out: pSid=0x25df5f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef30) returned 1 [0119.911] CreateMutexW (lpMutexAttributes=0x25df7b0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.911] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.912] ReleaseMutex (hMutex=0x420) returned 1 [0119.912] CloseHandle (hObject=0x420) returned 1 [0119.912] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25e0280, cbSid=0x1bbcef30 | out: pSid=0x25e0280*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef30) returned 1 [0119.912] CreateMutexW (lpMutexAttributes=0x25e0438, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.912] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.913] ReleaseMutex (hMutex=0x420) returned 1 [0119.913] CloseHandle (hObject=0x420) returned 1 [0119.913] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25e0ed8, cbSid=0x1bbcef30 | out: pSid=0x25e0ed8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef30) returned 1 [0119.913] CreateMutexW (lpMutexAttributes=0x25e1090, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.913] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.913] ReleaseMutex (hMutex=0x420) returned 1 [0119.914] CloseHandle (hObject=0x420) returned 1 [0119.914] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25e1b40, cbSid=0x1bbcef30 | out: pSid=0x25e1b40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef30) returned 1 [0119.914] CreateMutexW (lpMutexAttributes=0x25e1cf8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.914] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.914] ReleaseMutex (hMutex=0x420) returned 1 [0119.914] CloseHandle (hObject=0x420) returned 1 [0119.914] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25e27a0, cbSid=0x1bbcef30 | out: pSid=0x25e27a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1bbcef30) returned 1 [0119.915] CreateMutexW (lpMutexAttributes=0x25e2958, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420 [0119.915] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0 [0119.915] ReleaseMutex (hMutex=0x420) returned 1 [0119.915] CloseHandle (hObject=0x420) returned 1 [0119.918] CoTaskMemAlloc (cb=0x22) returned 0x1b3bfed0 [0120.331] CoTaskMemFree (pv=0x1b3bfed0) [0120.331] CoTaskMemFree (pv=0x0) [0120.332] FreeAddrInfoW (pAddrInfo=0x1b393b00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="牴獵整癤湰潣湮捥楴湯愮潮摮獮渮瑥", ai_addr=0x1b3cd910*(sa_family=2, sin_port=0x0, sin_addr="107.150.23.184"), ai_next=0x0)) [0120.396] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x454 [0120.404] setsockopt (s=0x454, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0120.477] bind (s=0x454, addr=0x2615808*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0120.484] WSAIoctl (in: s=0x454, dwIoControlCode=0xc8000006, lpvInBuffer=0x1bbcf378, cbInBuffer=0x10, lpvOutBuffer=0x1bbcf370, cbOutBuffer=0x8, lpcbBytesReturned=0x1bbcf368, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x1bbcf370, lpcbBytesReturned=0x1bbcf368, lpOverlapped=0x0) returned 0 [0120.541] ConnectEx (in: s=0x454, name=0x26155b0*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x1bbcf448, lpOverlapped=0x2538c90 | out: lpdwBytesSent=0x1bbcf448*=0x0) returned 0 [0120.543] GetForegroundWindow () returned 0x30020 [0120.544] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0120.544] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.544] CoTaskMemFree (pv=0x1b3c9f00) [0120.545] GetForegroundWindow () returned 0x30020 [0120.545] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0120.545] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.545] CoTaskMemFree (pv=0x1b3c98d0) [0120.601] GetForegroundWindow () returned 0x30020 [0120.601] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0120.601] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.602] CoTaskMemFree (pv=0x1b3ca530) [0120.684] GetForegroundWindow () returned 0x30020 [0120.684] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0120.684] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.684] CoTaskMemFree (pv=0x1b3cad70) [0120.743] GetForegroundWindow () returned 0x100e4 [0120.743] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0120.743] EnumProcesses (in: lpidProcess=0x2616958, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2616958, lpcbNeeded=0x1bbcf460) returned 1 [0120.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12671090, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12671090, ResultLength=0x1bbcf400*=0x1c2d8) returned 0x0 [0120.752] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0120.753] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0120.753] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0120.753] CoTaskMemFree (pv=0x1b3caf80) [0120.818] GetForegroundWindow () returned 0x30020 [0120.818] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x2f8 [0120.818] EnumProcesses (in: lpidProcess=0x2647be8, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2647be8, lpcbNeeded=0x1bbcf460) returned 1 [0120.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126910c0, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x126910c0, ResultLength=0x1bbcf400*=0x1c328) returned 0x0 [0120.825] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0120.825] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0120.825] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.825] CoTaskMemFree (pv=0x1b3c9ae0) [0120.914] GetForegroundWindow () returned 0x30020 [0120.914] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0120.914] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.914] CoTaskMemFree (pv=0x1b3c96c0) [0121.008] GetForegroundWindow () returned 0x30020 [0121.009] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0121.009] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.009] CoTaskMemFree (pv=0x1b3c9f00) [0121.101] GetForegroundWindow () returned 0x30020 [0121.101] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0121.101] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.102] CoTaskMemFree (pv=0x1b3c9ae0) [0121.487] WSASend (in: s=0x454, lpBuffers=0x1bbcf2e0*=((len=0xc, buf=0x124de9e7*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1bbcf2d8, dwFlags=0x0, lpOverlapped=0x2538c18, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1bbcf2d8*=0xc, lpOverlapped=0x2538c18) returned 0 [0121.523] GetForegroundWindow () returned 0x100e4 [0121.524] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0121.524] EnumProcesses (in: lpidProcess=0x26dd8a0, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x26dd8a0, lpcbNeeded=0x1bbcf460) returned 1 [0121.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126f1150, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x126f1150, ResultLength=0x1bbcf400*=0x1c328) returned 0x0 [0121.538] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0121.538] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0121.539] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0121.539] CoTaskMemFree (pv=0x1b3c9ae0) [0121.726] GetForegroundWindow () returned 0x30020 [0121.726] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0121.726] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.727] CoTaskMemFree (pv=0x1b3cad70) [0125.976] GetForegroundWindow () returned 0x30020 [0125.976] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0125.976] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.977] CoTaskMemFree (pv=0x1b3c98d0) [0126.039] GetForegroundWindow () returned 0x30020 [0126.039] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0126.039] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.039] CoTaskMemFree (pv=0x1b3cb190) [0126.290] GetForegroundWindow () returned 0x30020 [0126.290] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0126.290] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.290] CoTaskMemFree (pv=0x1b3cb190) [0126.498] GetForegroundWindow () returned 0x100e4 [0126.498] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0126.498] EnumProcesses (in: lpidProcess=0x26f9950, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x26f9950, lpcbNeeded=0x1bbcf460) returned 1 [0126.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12731198, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12731198, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0126.511] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0126.511] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0126.511] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0126.511] CoTaskMemFree (pv=0x1b3c96c0) [0126.648] GetForegroundWindow () returned 0x30020 [0126.648] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0126.648] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.649] CoTaskMemFree (pv=0x1b3c96c0) [0126.869] GetForegroundWindow () returned 0x30020 [0126.869] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x2f8 [0126.870] EnumProcesses (in: lpidProcess=0x25af9e0, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x25af9e0, lpcbNeeded=0x1bbcf460) returned 1 [0126.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12791228, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12791228, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0126.874] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0126.874] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0126.874] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.874] CoTaskMemFree (pv=0x1b3cb190) [0126.992] GetForegroundWindow () returned 0x30020 [0126.992] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0126.992] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.992] CoTaskMemFree (pv=0x1b3ca320) [0127.118] GetForegroundWindow () returned 0x30020 [0127.118] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0127.118] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.118] CoTaskMemFree (pv=0x1b3c96c0) [0127.242] GetForegroundWindow () returned 0x100e4 [0127.242] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0127.242] EnumProcesses (in: lpidProcess=0x2544020, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2544020, lpcbNeeded=0x1bbcf460) returned 1 [0127.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12571d60, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12571d60, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0127.246] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0127.246] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0127.246] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0127.246] CoTaskMemFree (pv=0x1b3cb190) [0127.368] GetForegroundWindow () returned 0x30020 [0127.368] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0127.368] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.368] CoTaskMemFree (pv=0x1b3c9f00) [0127.430] GetForegroundWindow () returned 0x30020 [0127.430] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0127.430] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.430] CoTaskMemFree (pv=0x1b3cab60) [0127.555] GetForegroundWindow () returned 0x30020 [0127.555] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x2f8 [0127.555] EnumProcesses (in: lpidProcess=0x25d6a48, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x25d6a48, lpcbNeeded=0x1bbcf460) returned 1 [0127.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125d1df0, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x125d1df0, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0127.558] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0127.558] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0127.558] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.558] CoTaskMemFree (pv=0x1b3c96c0) [0127.680] GetForegroundWindow () returned 0x30020 [0127.680] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0127.680] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.680] CoTaskMemFree (pv=0x1b3c9f00) [0127.831] GetForegroundWindow () returned 0x100e4 [0127.831] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0127.831] EnumProcesses (in: lpidProcess=0x2607f88, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2607f88, lpcbNeeded=0x1bbcf460) returned 1 [0127.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125f1e20, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x125f1e20, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0127.834] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0127.834] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0127.834] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0127.834] CoTaskMemFree (pv=0x1b3c9ae0) [0127.977] GetForegroundWindow () returned 0x30020 [0127.978] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0127.978] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.978] CoTaskMemFree (pv=0x1b3cb190) [0128.117] GetForegroundWindow () returned 0x30020 [0128.117] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0128.117] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.118] CoTaskMemFree (pv=0x1b3c9ae0) [0128.258] GetForegroundWindow () returned 0x30020 [0128.258] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x2f8 [0128.258] EnumProcesses (in: lpidProcess=0x269aea8, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x269aea8, lpcbNeeded=0x1bbcf460) returned 1 [0128.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12671078, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12671078, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0128.261] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0128.261] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0128.261] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.261] CoTaskMemFree (pv=0x1b3c96c0) [0128.632] GetForegroundWindow () returned 0x30020 [0128.632] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0128.632] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.632] CoTaskMemFree (pv=0x1b3c9f00) [0128.804] GetForegroundWindow () returned 0x100e4 [0128.805] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0128.805] EnumProcesses (in: lpidProcess=0x258efb8, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x258efb8, lpcbNeeded=0x1bbcf460) returned 1 [0128.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d47608, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12d47608, ResultLength=0x1bbcf400*=0x1be58) returned 0x0 [0128.812] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0128.812] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0128.812] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0128.812] CoTaskMemFree (pv=0x1b3c9ae0) [0129.024] GetForegroundWindow () returned 0x30020 [0129.024] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0129.024] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0129.024] CoTaskMemFree (pv=0x1b3c9cf0) [0130.827] GetForegroundWindow () returned 0x30020 [0130.879] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf530 | out: lpdwProcessId=0x1bbcf530) returned 0x2f8 [0130.879] EnumProcesses (in: lpidProcess=0x2665a40, cb=0x400, lpcbNeeded=0x1bbcf450 | out: lpidProcess=0x2665a40, lpcbNeeded=0x1bbcf450) returned 1 [0130.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e5ab10, Length=0x20000, ResultLength=0x1bbcf3f0 | out: SystemInformation=0x12e5ab10, ResultLength=0x1bbcf3f0*=0x1c320) returned 0x0 [0130.941] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0130.943] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0130.943] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.943] CoTaskMemFree (pv=0x1b3ca530) [0131.253] GetForegroundWindow () returned 0x30020 [0131.254] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x2f8 [0131.254] EnumProcesses (in: lpidProcess=0x26ca418, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x26ca418, lpcbNeeded=0x1bbcf460) returned 1 [0131.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e9ab70, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12e9ab70, ResultLength=0x1bbcf400*=0x1c320) returned 0x0 [0131.262] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0131.262] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0131.262] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.262] CoTaskMemFree (pv=0x1b3c94b0) [0131.263] GetLastInputInfo (in: plii=0x1bbcf580 | out: plii=0x1bbcf580*(cbSize=0x8, dwTime=0x18e5bdb)) returned 1 [0131.264] GetForegroundWindow () returned 0x30020 [0131.264] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0131.264] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.264] CoTaskMemFree (pv=0x1b3ca110) [0131.564] GetForegroundWindow () returned 0x100e4 [0131.564] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0131.564] EnumProcesses (in: lpidProcess=0x2702678, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2702678, lpcbNeeded=0x1bbcf460) returned 1 [0131.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ebaba0, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12ebaba0, ResultLength=0x1bbcf400*=0x1c370) returned 0x0 [0131.572] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0131.572] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0131.572] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0131.572] CoTaskMemFree (pv=0x1b3cb190) [0131.574] GetForegroundWindow () returned 0x30020 [0131.574] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0131.574] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.574] CoTaskMemFree (pv=0x1b3c9cf0) [0132.058] WSASend (in: s=0x41c, lpBuffers=0x1bbcf2e0*=((len=0xc, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1bbcf2d8, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1bbcf2d8*=0xc, lpOverlapped=0x26f5ef0) returned 0 [0132.060] GetForegroundWindow () returned 0x30020 [0132.060] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0132.060] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0132.060] CoTaskMemFree (pv=0x1b3ca530) [0132.060] GetForegroundWindow () returned 0x30020 [0132.060] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0132.060] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0132.061] CoTaskMemFree (pv=0x1b3c9f00) [0132.236] GetForegroundWindow () returned 0x30020 [0132.236] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0132.236] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0132.236] CoTaskMemFree (pv=0x1b3c94b0) [0132.237] GetForegroundWindow () returned 0x100e4 [0132.237] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf530 | out: lpdwProcessId=0x1bbcf530) returned 0x7b8 [0132.237] EnumProcesses (in: lpidProcess=0x25eb740, cb=0x400, lpcbNeeded=0x1bbcf450 | out: lpidProcess=0x25eb740, lpcbNeeded=0x1bbcf450) returned 1 [0132.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12f3ac60, Length=0x20000, ResultLength=0x1bbcf3f0 | out: SystemInformation=0x12f3ac60, ResultLength=0x1bbcf3f0*=0x1c690) returned 0x0 [0132.245] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0132.246] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0132.246] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0132.246] CoTaskMemFree (pv=0x1b3c9ae0) [0134.612] GetForegroundWindow () returned 0x0 [0134.612] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0134.612] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="") returned 0 [0134.613] CoTaskMemFree (pv=0x1b3ca110) [0134.614] GetLastInputInfo (in: plii=0x1bbcf580 | out: plii=0x1bbcf580*(cbSize=0x8, dwTime=0x18e5bdb)) returned 1 [0134.615] GetForegroundWindow () returned 0x0 [0134.615] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0134.615] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="") returned 0 [0134.615] CoTaskMemFree (pv=0x1b3ca950) [0135.137] GetForegroundWindow () returned 0x0 [0135.138] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0135.138] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="") returned 0 [0135.138] CoTaskMemFree (pv=0x1b3c9ae0) [0135.140] GetForegroundWindow () returned 0x0 [0135.141] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0135.141] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="") returned 0 [0135.141] CoTaskMemFree (pv=0x1b3ca530) [0135.587] GetForegroundWindow () returned 0x100e4 [0135.588] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf540 | out: lpdwProcessId=0x1bbcf540) returned 0x7b8 [0135.588] EnumProcesses (in: lpidProcess=0x2652770, cb=0x400, lpcbNeeded=0x1bbcf460 | out: lpidProcess=0x2652770, lpcbNeeded=0x1bbcf460) returned 1 [0135.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12f7acc0, Length=0x20000, ResultLength=0x1bbcf400 | out: SystemInformation=0x12f7acc0, ResultLength=0x1bbcf400*=0x144e0) returned 0x0 [0135.593] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0135.593] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0135.593] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0135.593] CoTaskMemFree (pv=0x1b3c9f00) [0135.595] GetForegroundWindow () returned 0x0 [0135.595] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0135.595] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0135.595] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="") returned 0 [0135.595] CoTaskMemFree (pv=0x1b3cab60) [0135.821] GetForegroundWindow () returned 0x0 [0135.821] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0135.821] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="") returned 0 [0135.821] CoTaskMemFree (pv=0x1b3c9f00) [0135.822] GetForegroundWindow () returned 0x0 [0135.822] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0135.822] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="") returned 0 [0135.822] CoTaskMemFree (pv=0x1b3c98d0) [0136.058] GetForegroundWindow () returned 0x0 [0136.059] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0136.059] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="") returned 0 [0136.059] CoTaskMemFree (pv=0x1b3c9f00) [0136.059] GetForegroundWindow () returned 0x100e4 [0136.060] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bbcf530 | out: lpdwProcessId=0x1bbcf530) returned 0x7b8 [0136.060] EnumProcesses (in: lpidProcess=0x267d248, cb=0x400, lpcbNeeded=0x1bbcf450 | out: lpidProcess=0x267d248, lpcbNeeded=0x1bbcf450) returned 1 [0136.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12f9acf0, Length=0x20000, ResultLength=0x1bbcf3f0 | out: SystemInformation=0x12f9acf0, ResultLength=0x1bbcf3f0*=0x14490) returned 0x0 [0136.070] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0136.070] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0136.070] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="FolderView") returned 10 [0136.070] CoTaskMemFree (pv=0x1b3ca740) [0136.333] GetForegroundWindow () returned 0x0 [0136.333] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0136.333] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0136.333] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="") returned 0 [0136.337] CoTaskMemFree (pv=0x1b3cb190) [0136.375] GetForegroundWindow () returned 0x0 [0136.375] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0136.376] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="") returned 0 [0136.376] CoTaskMemFree (pv=0x1b3ca530) Thread: id = 9 os_tid = 0x790 [0114.731] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0115.173] GetForegroundWindow () returned 0x30020 [0115.197] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0115.372] EnumProcesses (in: lpidProcess=0x2541d48, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2541d48, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124eeff8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124eeff8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.578] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0115.702] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.702] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.702] CoTaskMemFree (pv=0x1b3c9460) [0115.702] GetForegroundWindow () returned 0x30020 [0115.703] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.703] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.703] CoTaskMemFree (pv=0x1b3c9460) [0115.703] GetForegroundWindow () returned 0x30020 [0115.703] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.703] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.703] CoTaskMemFree (pv=0x1b3c9460) [0115.703] GetForegroundWindow () returned 0x30020 [0115.703] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.703] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.703] CoTaskMemFree (pv=0x1b3c9460) [0115.704] GetForegroundWindow () returned 0x100e4 [0115.704] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0115.704] EnumProcesses (in: lpidProcess=0x2574208, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2574208, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1250f028, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1250f028, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.777] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0115.778] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.778] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="FolderView") returned 10 [0115.779] CoTaskMemFree (pv=0x1b3c9460) [0115.779] GetForegroundWindow () returned 0x30020 [0115.779] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0115.780] EnumProcesses (in: lpidProcess=0x25b9bc8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25b9bc8, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1252f058, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1252f058, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.803] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0115.803] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9460 [0115.803] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9460, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.803] CoTaskMemFree (pv=0x1b3c9460) [0115.867] GetForegroundWindow () returned 0x30020 [0115.867] CoTaskMemAlloc (cb=0x204) returned 0x1b3ddf10 [0115.874] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ddf10, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.874] CoTaskMemFree (pv=0x1b3ddf10) [0115.874] GetForegroundWindow () returned 0x30020 [0115.874] CoTaskMemAlloc (cb=0x204) returned 0x1b3e89e0 [0115.874] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e89e0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.874] CoTaskMemFree (pv=0x1b3e89e0) [0115.874] GetForegroundWindow () returned 0x30020 [0115.874] CoTaskMemAlloc (cb=0x204) returned 0x1b3e9010 [0115.874] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e9010, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.874] CoTaskMemFree (pv=0x1b3e9010) [0115.875] GetForegroundWindow () returned 0x100e4 [0115.875] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0115.875] EnumProcesses (in: lpidProcess=0x25ebe20, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25ebe20, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1254f088, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1254f088, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.892] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0115.892] CoTaskMemAlloc (cb=0x204) returned 0x1b3e8bf0 [0115.892] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3e8bf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0115.892] CoTaskMemFree (pv=0x1b3e8bf0) [0115.892] GetForegroundWindow () returned 0x30020 [0115.893] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0115.893] EnumProcesses (in: lpidProcess=0x261d650, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x261d650, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1256f0b8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1256f0b8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.906] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0115.906] CoTaskMemAlloc (cb=0x204) returned 0x1b3e85c0 [0115.906] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e85c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.907] CoTaskMemFree (pv=0x1b3e85c0) [0115.907] GetForegroundWindow () returned 0x30020 [0115.907] CoTaskMemAlloc (cb=0x204) returned 0x1b3e9010 [0115.907] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e9010, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.907] CoTaskMemFree (pv=0x1b3e9010) [0115.907] GetForegroundWindow () returned 0x30020 [0115.908] CoTaskMemAlloc (cb=0x204) returned 0x1b3e8e00 [0115.908] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e8e00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.908] CoTaskMemFree (pv=0x1b3e8e00) [0115.908] GetForegroundWindow () returned 0x30020 [0115.908] CoTaskMemAlloc (cb=0x204) returned 0x1b3e87d0 [0115.908] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3e87d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.908] CoTaskMemFree (pv=0x1b3e87d0) [0115.908] GetForegroundWindow () returned 0x100e4 [0115.908] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0115.908] EnumProcesses (in: lpidProcess=0x264f760, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x264f760, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1258f0e8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1258f0e8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.969] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0115.969] CoTaskMemAlloc (cb=0x204) returned 0x1b3e8e00 [0115.969] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3e8e00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0115.969] CoTaskMemFree (pv=0x1b3e8e00) [0115.970] GetForegroundWindow () returned 0x30020 [0115.970] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0115.970] EnumProcesses (in: lpidProcess=0x26810a0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26810a0, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125af118, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125af118, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0115.984] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0115.984] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0115.984] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.984] CoTaskMemFree (pv=0x1b3c9f00) [0115.985] GetForegroundWindow () returned 0x30020 [0115.985] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0115.985] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.985] CoTaskMemFree (pv=0x1b3ca320) [0115.985] GetForegroundWindow () returned 0x30020 [0115.985] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0115.985] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.985] CoTaskMemFree (pv=0x1b3cad70) [0115.985] GetForegroundWindow () returned 0x30020 [0115.986] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0115.986] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0115.986] CoTaskMemFree (pv=0x1b3ca320) [0115.986] GetForegroundWindow () returned 0x100e4 [0115.986] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0115.986] EnumProcesses (in: lpidProcess=0x26b3210, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26b3210, lpcbNeeded=0x1bd3f3e0) returned 1 [0115.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125cf148, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125cf148, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.036] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.036] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0116.036] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.036] CoTaskMemFree (pv=0x1b3ca530) [0116.036] GetForegroundWindow () returned 0x30020 [0116.036] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.037] EnumProcesses (in: lpidProcess=0x2541e80, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2541e80, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125ef178, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125ef178, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.050] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.050] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0116.050] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.050] CoTaskMemFree (pv=0x1b3ca950) [0116.050] GetForegroundWindow () returned 0x30020 [0116.050] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0116.050] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.051] CoTaskMemFree (pv=0x1b3ca110) [0116.051] GetForegroundWindow () returned 0x30020 [0116.051] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0116.051] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.051] CoTaskMemFree (pv=0x1b3cad70) [0116.051] GetForegroundWindow () returned 0x30020 [0116.051] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0116.051] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.051] CoTaskMemFree (pv=0x1b3c96c0) [0116.051] GetForegroundWindow () returned 0x100e4 [0116.051] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.052] EnumProcesses (in: lpidProcess=0x2573f90, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2573f90, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1260f1a8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1260f1a8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.066] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.067] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0116.067] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.067] CoTaskMemFree (pv=0x1b3cad70) [0116.067] GetForegroundWindow () returned 0x30020 [0116.067] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.067] EnumProcesses (in: lpidProcess=0x25a57c0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25a57c0, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1262f1d8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1262f1d8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.080] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.080] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0116.080] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.080] CoTaskMemFree (pv=0x1b3c94b0) [0116.080] GetForegroundWindow () returned 0x30020 [0116.080] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0116.080] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.081] CoTaskMemFree (pv=0x1b3c9ae0) [0116.081] GetForegroundWindow () returned 0x30020 [0116.081] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0116.081] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.081] CoTaskMemFree (pv=0x1b3ca740) [0116.081] GetForegroundWindow () returned 0x30020 [0116.081] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0116.081] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.081] CoTaskMemFree (pv=0x1b3cb190) [0116.081] GetForegroundWindow () returned 0x100e4 [0116.081] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.082] EnumProcesses (in: lpidProcess=0x25d78d0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25d78d0, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1264f208, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1264f208, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.096] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.096] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0116.096] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.096] CoTaskMemFree (pv=0x1b3cb190) [0116.097] GetForegroundWindow () returned 0x30020 [0116.097] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.097] EnumProcesses (in: lpidProcess=0x2609100, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2609100, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1266f238, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1266f238, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.156] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.156] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0116.156] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.156] CoTaskMemFree (pv=0x1b3c9f00) [0116.156] GetForegroundWindow () returned 0x30020 [0116.156] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0116.157] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.157] CoTaskMemFree (pv=0x1b3ca530) [0116.157] GetForegroundWindow () returned 0x30020 [0116.157] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0116.157] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.157] CoTaskMemFree (pv=0x1b3ca110) [0116.157] GetForegroundWindow () returned 0x30020 [0116.157] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0116.157] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.157] CoTaskMemFree (pv=0x1b3ca950) [0116.157] GetForegroundWindow () returned 0x100e4 [0116.158] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.158] EnumProcesses (in: lpidProcess=0x263b598, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x263b598, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1268f268, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1268f268, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.171] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.171] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0116.171] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.171] CoTaskMemFree (pv=0x1b3caf80) [0116.172] GetForegroundWindow () returned 0x30020 [0116.172] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.172] EnumProcesses (in: lpidProcess=0x266cdc8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x266cdc8, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126af298, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126af298, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.232] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.232] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0116.232] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.232] CoTaskMemFree (pv=0x1b3cad70) [0116.232] GetForegroundWindow () returned 0x30020 [0116.232] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0116.232] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.232] CoTaskMemFree (pv=0x1b3ca320) [0116.233] GetForegroundWindow () returned 0x30020 [0116.233] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0116.233] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.233] CoTaskMemFree (pv=0x1b3cb190) [0116.233] GetForegroundWindow () returned 0x30020 [0116.233] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0116.233] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.233] CoTaskMemFree (pv=0x1b3ca530) [0116.233] GetForegroundWindow () returned 0x100e4 [0116.233] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.233] EnumProcesses (in: lpidProcess=0x269f0e0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x269f0e0, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126cf2c8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126cf2c8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.244] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.244] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0116.244] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.244] CoTaskMemFree (pv=0x1b3ca740) [0116.245] GetForegroundWindow () returned 0x30020 [0116.245] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.245] EnumProcesses (in: lpidProcess=0x26d0910, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26d0910, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126ef2f8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126ef2f8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.257] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.257] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0116.257] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.258] CoTaskMemFree (pv=0x1b3ca950) [0116.258] GetForegroundWindow () returned 0x30020 [0116.258] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0116.258] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.258] CoTaskMemFree (pv=0x1b3c9ae0) [0116.258] GetForegroundWindow () returned 0x30020 [0116.258] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0116.259] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.259] CoTaskMemFree (pv=0x1b3caf80) [0116.259] GetForegroundWindow () returned 0x30020 [0116.259] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0116.259] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.259] CoTaskMemFree (pv=0x1b3cab60) [0116.259] GetForegroundWindow () returned 0x100e4 [0116.259] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.259] EnumProcesses (in: lpidProcess=0x2702a80, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2702a80, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1270f328, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1270f328, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.317] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.317] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0116.317] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.318] CoTaskMemFree (pv=0x1b3caf80) [0116.318] GetForegroundWindow () returned 0x30020 [0116.318] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.318] EnumProcesses (in: lpidProcess=0x27342b0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x27342b0, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1272f358, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1272f358, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.370] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.370] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0116.370] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.370] CoTaskMemFree (pv=0x1b3ca320) [0116.370] GetForegroundWindow () returned 0x30020 [0116.370] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0116.370] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.371] CoTaskMemFree (pv=0x1b3cb190) [0116.371] GetForegroundWindow () returned 0x30020 [0116.371] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0116.371] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.371] CoTaskMemFree (pv=0x1b3cab60) [0116.371] GetForegroundWindow () returned 0x30020 [0116.371] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0116.371] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.371] CoTaskMemFree (pv=0x1b3c98d0) [0116.372] GetForegroundWindow () returned 0x100e4 [0116.372] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.372] EnumProcesses (in: lpidProcess=0x2766420, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2766420, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1274f388, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1274f388, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.386] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.386] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0116.386] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.386] CoTaskMemFree (pv=0x1b3ca110) [0116.387] GetForegroundWindow () returned 0x30020 [0116.387] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.387] EnumProcesses (in: lpidProcess=0x2797c50, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2797c50, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1276f3b8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1276f3b8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.449] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.449] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0116.449] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.449] CoTaskMemFree (pv=0x1b3ca320) [0116.450] GetForegroundWindow () returned 0x30020 [0116.450] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0116.450] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.450] CoTaskMemFree (pv=0x1b3c9ae0) [0116.539] GetForegroundWindow () returned 0x30020 [0116.539] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0116.539] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.539] CoTaskMemFree (pv=0x1b3c98d0) [0116.648] GetForegroundWindow () returned 0x30020 [0116.648] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0116.648] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.648] CoTaskMemFree (pv=0x1b3c9ae0) [0116.742] GetForegroundWindow () returned 0x100e4 [0116.742] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0116.742] EnumProcesses (in: lpidProcess=0x27ca3d8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x27ca3d8, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1278f3e8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1278f3e8, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.758] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0116.758] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0116.758] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="FolderView") returned 10 [0116.758] CoTaskMemFree (pv=0x1b3ca320) [0116.861] GetForegroundWindow () returned 0x30020 [0116.861] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0116.861] EnumProcesses (in: lpidProcess=0x27fbda0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x27fbda0, lpcbNeeded=0x1bd3f3e0) returned 1 [0116.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124a6e90, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124a6e90, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0116.920] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0116.920] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0116.920] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.920] CoTaskMemFree (pv=0x1b3ca950) [0116.976] GetForegroundWindow () returned 0x30020 [0116.977] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0116.977] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0116.977] CoTaskMemFree (pv=0x1b3cb190) [0117.070] GetForegroundWindow () returned 0x30020 [0117.070] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0117.070] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.070] CoTaskMemFree (pv=0x1b3c9f00) [0117.164] GetForegroundWindow () returned 0x30020 [0117.164] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0117.164] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.164] CoTaskMemFree (pv=0x1b3c96c0) [0117.263] GetForegroundWindow () returned 0x100e4 [0117.263] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0117.263] EnumProcesses (in: lpidProcess=0x2562e58, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2562e58, lpcbNeeded=0x1bd3f3e0) returned 1 [0117.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124eee38, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124eee38, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0117.273] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0117.273] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0117.273] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0117.273] CoTaskMemFree (pv=0x1b3cad70) [0117.400] GetForegroundWindow () returned 0x30020 [0117.400] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0117.400] EnumProcesses (in: lpidProcess=0x25a0768, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25a0768, lpcbNeeded=0x1bd3f3e0) returned 1 [0117.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1250ee68, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1250ee68, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0117.412] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0117.412] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0117.412] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.412] CoTaskMemFree (pv=0x1b3c9f00) [0117.509] GetForegroundWindow () returned 0x30020 [0117.509] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0117.509] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.509] CoTaskMemFree (pv=0x1b3ca530) [0117.602] GetForegroundWindow () returned 0x30020 [0117.602] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0117.602] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.602] CoTaskMemFree (pv=0x1b3ca950) [0117.695] GetForegroundWindow () returned 0x30020 [0117.695] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0117.695] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.695] CoTaskMemFree (pv=0x1b3c9ae0) [0117.790] GetForegroundWindow () returned 0x100e4 [0117.790] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0117.790] EnumProcesses (in: lpidProcess=0x25d2fe8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25d2fe8, lpcbNeeded=0x1bd3f3e0) returned 1 [0117.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1252ee98, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1252ee98, ResultLength=0x1bd3f380*=0x1c660) returned 0x0 [0117.820] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0117.820] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0117.820] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0117.820] CoTaskMemFree (pv=0x1b3caf80) [0117.884] GetForegroundWindow () returned 0x30020 [0117.884] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0117.884] EnumProcesses (in: lpidProcess=0x2606500, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2606500, lpcbNeeded=0x1bd3f3e0) returned 1 [0117.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1254eec8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1254eec8, ResultLength=0x1bd3f380*=0x1c610) returned 0x0 [0117.910] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0117.910] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0117.918] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.977] CoTaskMemFree (pv=0x1b3ca530) [0117.978] GetForegroundWindow () returned 0x30020 [0117.978] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0117.978] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0117.978] CoTaskMemFree (pv=0x1b3cad70) [0118.077] GetForegroundWindow () returned 0x30020 [0118.077] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0118.077] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.077] CoTaskMemFree (pv=0x1b3c9f00) [0118.158] GetForegroundWindow () returned 0x30020 [0118.158] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0118.158] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.158] CoTaskMemFree (pv=0x1b3c9f00) [0118.217] GetForegroundWindow () returned 0x100e4 [0118.218] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0118.218] EnumProcesses (in: lpidProcess=0x263d9e8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x263d9e8, lpcbNeeded=0x1bd3f3e0) returned 1 [0118.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1256eef8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1256eef8, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0118.235] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0118.235] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0118.236] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0118.236] CoTaskMemFree (pv=0x1b3ca530) [0118.384] GetForegroundWindow () returned 0x30020 [0118.384] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0118.384] EnumProcesses (in: lpidProcess=0x266f700, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x266f700, lpcbNeeded=0x1bd3f3e0) returned 1 [0118.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1258ef28, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1258ef28, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0118.398] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0118.399] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0118.399] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.399] CoTaskMemFree (pv=0x1b3ca950) [0118.493] GetForegroundWindow () returned 0x30020 [0118.493] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0118.493] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.493] CoTaskMemFree (pv=0x1b3c98d0) [0118.586] GetForegroundWindow () returned 0x30020 [0118.586] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0118.586] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.586] CoTaskMemFree (pv=0x1b3c9f00) [0118.677] GetForegroundWindow () returned 0x30020 [0118.677] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0118.677] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.678] CoTaskMemFree (pv=0x1b3c9f00) [0118.774] GetForegroundWindow () returned 0x100e4 [0118.774] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0118.774] EnumProcesses (in: lpidProcess=0x26a3748, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26a3748, lpcbNeeded=0x1bd3f3e0) returned 1 [0118.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125aef58, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125aef58, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0118.783] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0118.783] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0118.783] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0118.783] CoTaskMemFree (pv=0x1b3c96c0) [0118.867] GetForegroundWindow () returned 0x30020 [0118.867] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0118.867] EnumProcesses (in: lpidProcess=0x26d4b78, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26d4b78, lpcbNeeded=0x1bd3f3e0) returned 1 [0118.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125cef88, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125cef88, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0118.878] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0118.878] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0118.878] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.879] CoTaskMemFree (pv=0x1b3c9ae0) [0118.977] GetForegroundWindow () returned 0x30020 [0118.977] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0118.977] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0118.977] CoTaskMemFree (pv=0x1b3ca530) [0119.060] GetForegroundWindow () returned 0x30020 [0119.060] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0119.060] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.060] CoTaskMemFree (pv=0x1b3cad70) [0119.151] GetForegroundWindow () returned 0x30020 [0119.151] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0119.151] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.151] CoTaskMemFree (pv=0x1b3c96c0) [0119.242] GetForegroundWindow () returned 0x100e4 [0119.242] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0119.243] EnumProcesses (in: lpidProcess=0x270cff0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x270cff0, lpcbNeeded=0x1bd3f3e0) returned 1 [0119.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125eefb8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125eefb8, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0119.279] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0119.280] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0119.280] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0119.280] CoTaskMemFree (pv=0x1b3cb190) [0119.383] GetForegroundWindow () returned 0x30020 [0119.384] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0119.384] EnumProcesses (in: lpidProcess=0x256b778, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x256b778, lpcbNeeded=0x1bd3f3e0) returned 1 [0119.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1260efe8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1260efe8, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0119.397] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0119.398] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0119.398] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.398] CoTaskMemFree (pv=0x1b3ca320) [0119.493] GetForegroundWindow () returned 0x30020 [0119.493] CoTaskMemAlloc (cb=0x204) returned 0x1b3caf80 [0119.493] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3caf80, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.493] CoTaskMemFree (pv=0x1b3caf80) [0119.558] GetForegroundWindow () returned 0x30020 [0119.558] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0119.558] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.558] CoTaskMemFree (pv=0x1b3cad70) [0119.789] GetForegroundWindow () returned 0x30020 [0119.789] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0119.789] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.789] CoTaskMemFree (pv=0x1b3c98d0) [0119.856] GetForegroundWindow () returned 0x100e4 [0119.856] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0119.856] EnumProcesses (in: lpidProcess=0x25a56a8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25a56a8, lpcbNeeded=0x1bd3f3e0) returned 1 [0119.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12631030, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12631030, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0119.867] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0119.867] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0119.867] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0119.868] CoTaskMemFree (pv=0x1b3c9cf0) [0119.930] GetForegroundWindow () returned 0x30020 [0119.930] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0119.930] EnumProcesses (in: lpidProcess=0x25e3140, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25e3140, lpcbNeeded=0x1bd3f3e0) returned 1 [0119.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12651060, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12651060, ResultLength=0x1bd3f380*=0x1c2d8) returned 0x0 [0119.941] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0119.941] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0119.941] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0119.941] CoTaskMemFree (pv=0x1b3c9f00) [0120.041] GetForegroundWindow () returned 0x30020 [0120.041] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0120.041] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.041] CoTaskMemFree (pv=0x1b3cad70) [0120.314] GetForegroundWindow () returned 0x30020 [0120.314] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0120.314] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.314] CoTaskMemFree (pv=0x1b3cb190) [0120.367] GetForegroundWindow () returned 0x30020 [0120.367] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0120.367] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0120.367] CoTaskMemFree (pv=0x1b3ca110) [0121.195] GetForegroundWindow () returned 0x100e4 [0121.195] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0121.195] EnumProcesses (in: lpidProcess=0x267a618, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x267a618, lpcbNeeded=0x1bd3f3e0) returned 1 [0121.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b10f0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126b10f0, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0121.207] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0121.208] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0121.208] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0121.208] CoTaskMemFree (pv=0x1b3ca530) [0121.385] GetForegroundWindow () returned 0x30020 [0121.385] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0121.385] EnumProcesses (in: lpidProcess=0x26abb60, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26abb60, lpcbNeeded=0x1bd3f3e0) returned 1 [0121.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126d1120, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126d1120, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0121.396] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0121.396] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0121.396] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.396] CoTaskMemFree (pv=0x1b3cb190) [0121.440] GetForegroundWindow () returned 0x30020 [0121.440] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0121.440] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.440] CoTaskMemFree (pv=0x1b3cb190) [0121.603] GetForegroundWindow () returned 0x30020 [0121.603] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0121.603] EnumProcesses (in: lpidProcess=0x270ebd8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x270ebd8, lpcbNeeded=0x1bd3f3e0) returned 1 [0121.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12711180, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12711180, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0121.615] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0121.616] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0121.616] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.616] CoTaskMemFree (pv=0x1b3c96c0) [0121.821] GetForegroundWindow () returned 0x30020 [0121.821] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0121.821] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.821] CoTaskMemFree (pv=0x1b3c94b0) [0121.906] GetForegroundWindow () returned 0x100e4 [0121.906] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0121.906] EnumProcesses (in: lpidProcess=0x2740df0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2740df0, lpcbNeeded=0x1bd3f3e0) returned 1 [0121.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127311b0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x127311b0, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0121.935] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0121.935] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0121.935] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0121.935] CoTaskMemFree (pv=0x1b3c94b0) [0121.961] GetForegroundWindow () returned 0x30020 [0121.961] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0121.961] EnumProcesses (in: lpidProcess=0x258e7b0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x258e7b0, lpcbNeeded=0x1bd3f3e0) returned 1 [0121.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127511e0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x127511e0, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0121.974] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0121.974] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0121.974] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0121.974] CoTaskMemFree (pv=0x1b3c94b0) [0122.040] GetForegroundWindow () returned 0x30020 [0122.040] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0122.040] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.040] CoTaskMemFree (pv=0x1b3ca320) [0122.102] GetForegroundWindow () returned 0x30020 [0122.102] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0122.102] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.102] CoTaskMemFree (pv=0x1b3c9ae0) [0122.175] GetForegroundWindow () returned 0x30020 [0122.175] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0122.175] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.175] CoTaskMemFree (pv=0x1b3ca740) [0122.243] GetForegroundWindow () returned 0x100e4 [0122.243] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0122.243] EnumProcesses (in: lpidProcess=0x25c03b0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25c03b0, lpcbNeeded=0x1bd3f3e0) returned 1 [0122.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12771210, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12771210, ResultLength=0x1bd3f380*=0x1c328) returned 0x0 [0122.260] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0122.260] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0122.260] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0122.260] CoTaskMemFree (pv=0x1b3c9cf0) [0122.320] GetForegroundWindow () returned 0x30020 [0122.321] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0122.321] EnumProcesses (in: lpidProcess=0x25f1730, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25f1730, lpcbNeeded=0x1bd3f3e0) returned 1 [0122.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12791240, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12791240, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0122.334] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0122.335] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0122.335] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.335] CoTaskMemFree (pv=0x1b3ca320) [0122.398] GetForegroundWindow () returned 0x30020 [0122.398] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0122.398] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.399] CoTaskMemFree (pv=0x1b3ca110) [0122.461] GetForegroundWindow () returned 0x30020 [0122.461] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0122.461] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.461] CoTaskMemFree (pv=0x1b3ca740) [0122.523] GetForegroundWindow () returned 0x30020 [0122.523] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0122.524] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.524] CoTaskMemFree (pv=0x1b3cab60) [0122.586] GetForegroundWindow () returned 0x100e4 [0122.586] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0122.587] EnumProcesses (in: lpidProcess=0x2622d00, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2622d00, lpcbNeeded=0x1bd3f3e0) returned 1 [0122.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127b1270, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x127b1270, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0122.599] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0122.599] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0122.599] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0122.600] CoTaskMemFree (pv=0x1b3c98d0) [0122.665] GetForegroundWindow () returned 0x30020 [0122.665] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0122.665] EnumProcesses (in: lpidProcess=0x26539f0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26539f0, lpcbNeeded=0x1bd3f3e0) returned 1 [0122.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124a6e90, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124a6e90, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0122.714] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0122.714] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0122.714] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.714] CoTaskMemFree (pv=0x1b3c9cf0) [0122.773] GetForegroundWindow () returned 0x30020 [0122.774] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0122.774] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.774] CoTaskMemFree (pv=0x1b3ca740) [0122.867] GetForegroundWindow () returned 0x30020 [0122.867] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0122.867] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.867] CoTaskMemFree (pv=0x1b3c98d0) [0122.929] GetForegroundWindow () returned 0x30020 [0122.929] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0122.930] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0122.930] CoTaskMemFree (pv=0x1b3c96c0) [0122.992] GetForegroundWindow () returned 0x100e4 [0122.992] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0122.992] EnumProcesses (in: lpidProcess=0x25754a0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25754a0, lpcbNeeded=0x1bd3f3e0) returned 1 [0122.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124c6ec0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124c6ec0, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0123.005] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0123.005] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0123.005] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="FolderView") returned 10 [0123.005] CoTaskMemFree (pv=0x1b3ca950) [0123.073] GetForegroundWindow () returned 0x30020 [0123.073] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0123.074] EnumProcesses (in: lpidProcess=0x25a6190, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25a6190, lpcbNeeded=0x1bd3f3e0) returned 1 [0123.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x124eee38, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x124eee38, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0123.114] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0123.114] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0123.114] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.114] CoTaskMemFree (pv=0x1b3ca950) [0123.166] GetForegroundWindow () returned 0x30020 [0123.166] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0123.166] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.166] CoTaskMemFree (pv=0x1b3c98d0) [0123.227] GetForegroundWindow () returned 0x30020 [0123.227] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0123.227] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.227] CoTaskMemFree (pv=0x1b3ca530) [0123.292] GetForegroundWindow () returned 0x30020 [0123.292] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0123.292] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.292] CoTaskMemFree (pv=0x1b3c94b0) [0123.352] GetForegroundWindow () returned 0x100e4 [0123.352] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0123.352] EnumProcesses (in: lpidProcess=0x25d77c0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25d77c0, lpcbNeeded=0x1bd3f3e0) returned 1 [0123.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1250ee68, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1250ee68, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0123.366] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0123.366] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0123.366] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0123.366] CoTaskMemFree (pv=0x1b3c9ae0) [0123.430] GetForegroundWindow () returned 0x30020 [0123.430] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0123.430] EnumProcesses (in: lpidProcess=0x26084b0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26084b0, lpcbNeeded=0x1bd3f3e0) returned 1 [0123.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1252ee98, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1252ee98, ResultLength=0x1bd3f380*=0x1bf48) returned 0x0 [0123.443] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0123.444] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0123.444] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.444] CoTaskMemFree (pv=0x1b3cad70) [0123.496] GetForegroundWindow () returned 0x30020 [0123.496] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0123.496] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.496] CoTaskMemFree (pv=0x1b3c9ae0) [0123.554] GetForegroundWindow () returned 0x30020 [0123.555] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0123.555] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.555] CoTaskMemFree (pv=0x1b3c94b0) [0123.619] GetForegroundWindow () returned 0x30020 [0123.619] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0123.619] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.619] CoTaskMemFree (pv=0x1b3ca740) [0123.682] GetForegroundWindow () returned 0x100e4 [0123.682] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0123.682] EnumProcesses (in: lpidProcess=0x2639a80, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2639a80, lpcbNeeded=0x1bd3f3e0) returned 1 [0123.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1254eec8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1254eec8, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0123.698] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0123.699] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0123.699] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0123.699] CoTaskMemFree (pv=0x1b3cab60) [0123.758] GetForegroundWindow () returned 0x30020 [0123.758] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0123.758] EnumProcesses (in: lpidProcess=0x266a650, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x266a650, lpcbNeeded=0x1bd3f3e0) returned 1 [0123.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1256eef8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1256eef8, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0123.770] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0123.770] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0123.770] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.770] CoTaskMemFree (pv=0x1b3ca740) [0123.836] GetForegroundWindow () returned 0x30020 [0123.836] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0123.836] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.836] CoTaskMemFree (pv=0x1b3ca110) [0123.898] GetForegroundWindow () returned 0x30020 [0123.898] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0123.898] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.898] CoTaskMemFree (pv=0x1b3c9ae0) [0123.961] GetForegroundWindow () returned 0x30020 [0123.961] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0123.961] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0123.961] CoTaskMemFree (pv=0x1b3cb190) [0124.023] GetForegroundWindow () returned 0x100e4 [0124.023] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0124.023] EnumProcesses (in: lpidProcess=0x269bb00, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x269bb00, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1258ef28, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1258ef28, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0124.035] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0124.035] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0124.035] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0124.035] CoTaskMemFree (pv=0x1b3ca530) [0124.089] GetForegroundWindow () returned 0x30020 [0124.089] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0124.091] EnumProcesses (in: lpidProcess=0x26cc6d0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26cc6d0, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125aef58, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125aef58, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0124.102] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0124.102] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0124.102] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.102] CoTaskMemFree (pv=0x1b3c9ae0) [0124.164] GetForegroundWindow () returned 0x30020 [0124.164] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0124.164] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.164] CoTaskMemFree (pv=0x1b3c94b0) [0124.227] GetForegroundWindow () returned 0x30020 [0124.227] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0124.227] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.227] CoTaskMemFree (pv=0x1b3c9f00) [0124.290] GetForegroundWindow () returned 0x30020 [0124.290] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0124.290] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.290] CoTaskMemFree (pv=0x1b3cb190) [0124.352] GetForegroundWindow () returned 0x100e4 [0124.352] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0124.353] EnumProcesses (in: lpidProcess=0x26fdbe0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26fdbe0, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125cef88, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125cef88, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0124.366] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0124.366] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0124.367] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0124.367] CoTaskMemFree (pv=0x1b3c9ae0) [0124.432] GetForegroundWindow () returned 0x30020 [0124.432] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0124.432] EnumProcesses (in: lpidProcess=0x272e7b0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x272e7b0, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125eefb8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125eefb8, ResultLength=0x1bd3f380*=0x1bea8) returned 0x0 [0124.454] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0124.454] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0124.454] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.454] CoTaskMemFree (pv=0x1b3ca530) [0124.508] GetForegroundWindow () returned 0x30020 [0124.508] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0124.508] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.508] CoTaskMemFree (pv=0x1b3c98d0) [0124.570] GetForegroundWindow () returned 0x30020 [0124.570] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0124.570] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.570] CoTaskMemFree (pv=0x1b3c9cf0) [0124.638] GetForegroundWindow () returned 0x30020 [0124.638] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0124.638] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.638] CoTaskMemFree (pv=0x1b3c96c0) [0124.742] GetForegroundWindow () returned 0x100e4 [0124.742] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0124.742] EnumProcesses (in: lpidProcess=0x256d1b8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x256d1b8, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1260efe8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x1260efe8, ResultLength=0x1bd3f380*=0x1c340) returned 0x0 [0124.754] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0124.754] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0124.754] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0124.754] CoTaskMemFree (pv=0x1b3cb190) [0124.825] GetForegroundWindow () returned 0x30020 [0124.826] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0124.826] EnumProcesses (in: lpidProcess=0x259e388, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x259e388, lpcbNeeded=0x1bd3f3e0) returned 1 [0124.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12631018, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12631018, ResultLength=0x1bd3f380*=0x1c3e0) returned 0x0 [0124.837] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0124.837] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0124.837] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.837] CoTaskMemFree (pv=0x1b3ca110) [0124.898] GetForegroundWindow () returned 0x30020 [0124.898] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0124.898] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.898] CoTaskMemFree (pv=0x1b3ca950) [0124.961] GetForegroundWindow () returned 0x30020 [0124.961] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0124.961] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0124.961] CoTaskMemFree (pv=0x1b3c96c0) [0125.023] GetForegroundWindow () returned 0x30020 [0125.023] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0125.024] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.024] CoTaskMemFree (pv=0x1b3c9f00) [0125.087] GetForegroundWindow () returned 0x100e4 [0125.087] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0125.087] EnumProcesses (in: lpidProcess=0x25cff58, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25cff58, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12651048, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12651048, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.103] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0125.104] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0125.104] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0125.104] CoTaskMemFree (pv=0x1b3c98d0) [0125.162] GetForegroundWindow () returned 0x30020 [0125.163] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0125.163] EnumProcesses (in: lpidProcess=0x2600a98, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2600a98, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12671078, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12671078, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.183] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0125.183] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0125.184] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.184] CoTaskMemFree (pv=0x1b3c9cf0) [0125.242] GetForegroundWindow () returned 0x30020 [0125.242] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0125.242] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.242] CoTaskMemFree (pv=0x1b3cb190) [0125.304] GetForegroundWindow () returned 0x30020 [0125.304] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9cf0 [0125.304] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9cf0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.305] CoTaskMemFree (pv=0x1b3c9cf0) [0125.368] GetForegroundWindow () returned 0x30020 [0125.368] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0125.368] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.368] CoTaskMemFree (pv=0x1b3cad70) [0125.430] GetForegroundWindow () returned 0x100e4 [0125.430] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0125.430] EnumProcesses (in: lpidProcess=0x2631f18, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2631f18, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126910a8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126910a8, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.444] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0125.446] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0125.446] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0125.447] CoTaskMemFree (pv=0x1b3c9f00) [0125.508] GetForegroundWindow () returned 0x30020 [0125.508] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0125.508] EnumProcesses (in: lpidProcess=0x2662a58, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2662a58, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b10d8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126b10d8, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.521] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0125.521] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0125.521] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.521] CoTaskMemFree (pv=0x1b3ca110) [0125.618] GetForegroundWindow () returned 0x30020 [0125.618] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0125.618] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.618] CoTaskMemFree (pv=0x1b3cb190) [0125.680] GetForegroundWindow () returned 0x30020 [0125.680] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0125.680] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.680] CoTaskMemFree (pv=0x1b3c9f00) [0125.757] GetForegroundWindow () returned 0x30020 [0125.757] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0125.757] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.757] CoTaskMemFree (pv=0x1b3c94b0) [0125.820] GetForegroundWindow () returned 0x100e4 [0125.820] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0125.820] EnumProcesses (in: lpidProcess=0x2693e78, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2693e78, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126d1108, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126d1108, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.837] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0125.837] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0125.837] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0125.837] CoTaskMemFree (pv=0x1b3c9ae0) [0125.898] GetForegroundWindow () returned 0x30020 [0125.898] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0125.898] EnumProcesses (in: lpidProcess=0x26c49b8, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26c49b8, lpcbNeeded=0x1bd3f3e0) returned 1 [0125.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126f1138, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x126f1138, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0125.911] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0125.911] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0125.911] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0125.911] CoTaskMemFree (pv=0x1b3cab60) [0125.916] CoTaskMemAlloc (cb=0x22) returned 0x1b3958b0 [0125.916] getaddrinfo (in: pNodeName="trustedvpnconnection.anondns.net", pServiceName=0x0, pHints=0x1bd3f3a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1bd3f398 | out: ppResult=0x1bd3f398*=0x1b393840*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="trustedvpnconnection.anondns.net", ai_addr=0x1b3cd5d0*(sa_family=2, sin_port=0x0, sin_addr="107.150.23.184"), ai_next=0x0)) returned 0 [0125.921] CoTaskMemFree (pv=0x1b3958b0) [0125.921] CoTaskMemFree (pv=0x0) [0125.922] FreeAddrInfoW (pAddrInfo=0x1b393840*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="牴獵整癤湰潣湮捥楴湯愮潮摮獮渮瑥", ai_addr=0x1b3cd5d0*(sa_family=2, sin_port=0x0, sin_addr="107.150.23.184"), ai_next=0x0)) [0125.922] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c [0125.923] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0125.923] bind (s=0x41c, addr=0x26f72e0*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0125.924] ConnectEx (in: s=0x41c, name=0x26f70c0*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x1bd3f3c8, lpOverlapped=0x26f5f68 | out: lpdwBytesSent=0x1bd3f3c8*=0x0) returned 0 [0126.102] GetForegroundWindow () returned 0x30020 [0126.102] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0126.102] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.102] CoTaskMemFree (pv=0x1b3cab60) [0126.383] WSASend (in: s=0x41c, lpBuffers=0x1bd3f260*=((len=0xc, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1bd3f258, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1bd3f258*=0xc, lpOverlapped=0x26f5ef0) returned 0 [0126.385] GetForegroundWindow () returned 0x30020 [0126.385] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0126.385] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.385] CoTaskMemFree (pv=0x1b3c96c0) [0126.570] GetForegroundWindow () returned 0x30020 [0126.570] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0126.570] EnumProcesses (in: lpidProcess=0x272a490, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x272a490, lpcbNeeded=0x1bd3f3e0) returned 1 [0126.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127511c8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x127511c8, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0126.596] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0126.596] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9f00 [0126.596] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9f00, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.596] CoTaskMemFree (pv=0x1b3c9f00) [0126.790] GetForegroundWindow () returned 0x100e4 [0126.791] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0126.791] EnumProcesses (in: lpidProcess=0x257ceb0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x257ceb0, lpcbNeeded=0x1bd3f3e0) returned 1 [0126.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127711f8, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x127711f8, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0126.803] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0126.803] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0126.803] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0126.803] CoTaskMemFree (pv=0x1b3cb190) [0126.929] GetForegroundWindow () returned 0x30020 [0126.929] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0126.929] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0126.930] CoTaskMemFree (pv=0x1b3cb190) [0127.055] GetForegroundWindow () returned 0x30020 [0127.055] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0127.055] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.055] CoTaskMemFree (pv=0x1b3ca530) [0127.180] GetForegroundWindow () returned 0x30020 [0127.180] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0127.180] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.181] CoTaskMemFree (pv=0x1b3c9ae0) [0127.305] GetForegroundWindow () returned 0x30020 [0127.305] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0127.305] EnumProcesses (in: lpidProcess=0x2574bf0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2574bf0, lpcbNeeded=0x1bd3f3e0) returned 1 [0127.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12591d90, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12591d90, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0127.314] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0127.314] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0127.314] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.314] CoTaskMemFree (pv=0x1b3ca530) [0127.492] GetForegroundWindow () returned 0x100e4 [0127.492] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0127.492] EnumProcesses (in: lpidProcess=0x25a5e30, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25a5e30, lpcbNeeded=0x1bd3f3e0) returned 1 [0127.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x125b1dc0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x125b1dc0, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0127.501] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0127.501] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0127.501] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="FolderView") returned 10 [0127.501] CoTaskMemFree (pv=0x1b3ca740) [0127.618] GetForegroundWindow () returned 0x30020 [0127.619] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0127.619] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.619] CoTaskMemFree (pv=0x1b3ca320) [0127.760] GetForegroundWindow () returned 0x30020 [0127.760] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0127.760] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.760] CoTaskMemFree (pv=0x1b3c94b0) [0127.900] GetForegroundWindow () returned 0x30020 [0127.900] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0127.900] EnumProcesses (in: lpidProcess=0x2638b10, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2638b10, lpcbNeeded=0x1bd3f3e0) returned 1 [0127.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12631018, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12631018, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0127.921] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0127.921] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0127.921] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0127.921] CoTaskMemFree (pv=0x1b3ca320) [0128.050] GetForegroundWindow () returned 0x30020 [0128.051] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0128.051] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.051] CoTaskMemFree (pv=0x1b3cb190) [0128.181] GetForegroundWindow () returned 0x100e4 [0128.181] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0128.182] EnumProcesses (in: lpidProcess=0x266a290, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x266a290, lpcbNeeded=0x1bd3f3e0) returned 1 [0128.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12651048, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12651048, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0128.198] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0128.199] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0128.199] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0128.199] CoTaskMemFree (pv=0x1b3cad70) [0128.445] GetForegroundWindow () returned 0x30020 [0128.445] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0128.445] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.445] CoTaskMemFree (pv=0x1b3ca530) [0128.492] GetForegroundWindow () returned 0x30020 [0128.492] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0128.492] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.492] CoTaskMemFree (pv=0x1b3ca740) [0128.680] GetForegroundWindow () returned 0x30020 [0128.680] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0128.680] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.681] CoTaskMemFree (pv=0x1b3ca950) [0128.900] GetForegroundWindow () returned 0x30020 [0128.900] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0128.900] EnumProcesses (in: lpidProcess=0x25c04e0, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25c04e0, lpcbNeeded=0x1bd3f3e0) returned 1 [0128.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dfaa80, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12dfaa80, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0128.927] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0128.927] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0128.927] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0128.927] CoTaskMemFree (pv=0x1b3ca320) [0129.122] GetForegroundWindow () returned 0x100e4 [0129.122] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0129.122] EnumProcesses (in: lpidProcess=0x25f8238, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x25f8238, lpcbNeeded=0x1bd3f3e0) returned 1 [0129.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e1aab0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12e1aab0, ResultLength=0x1bd3f380*=0x1be58) returned 0x0 [0129.135] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0129.135] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0129.135] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="FolderView") returned 10 [0129.136] CoTaskMemFree (pv=0x1b3ca320) [0130.564] GetLastInputInfo (in: plii=0x1bd3f500 | out: plii=0x1bd3f500*(cbSize=0x8, dwTime=0x18e5bdb)) returned 1 [0130.565] GetForegroundWindow () returned 0x30020 [0130.565] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0130.565] EnumProcesses (in: lpidProcess=0x2634500, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2634500, lpcbNeeded=0x1bd3f3e0) returned 1 [0130.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e3aae0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12e3aae0, ResultLength=0x1bd3f380*=0x1bfe8) returned 0x0 [0130.833] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0130.844] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0130.844] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.844] CoTaskMemFree (pv=0x1b3ca530) [0130.944] GetForegroundWindow () returned 0x30020 [0130.949] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0130.949] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.949] CoTaskMemFree (pv=0x1b3ca950) [0130.950] GetForegroundWindow () returned 0x30020 [0130.950] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0130.950] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.950] CoTaskMemFree (pv=0x1b3ca110) [0130.950] GetForegroundWindow () returned 0x30020 [0130.950] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0130.950] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.950] CoTaskMemFree (pv=0x1b3cad70) [0130.952] GetForegroundWindow () returned 0x100e4 [0130.952] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0130.952] EnumProcesses (in: lpidProcess=0x2697608, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2697608, lpcbNeeded=0x1bd3f3e0) returned 1 [0130.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e7ab40, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12e7ab40, ResultLength=0x1bd3f380*=0x1c370) returned 0x0 [0130.962] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0130.963] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0130.963] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0130.964] CoTaskMemFree (pv=0x1b3cb190) [0130.965] GetForegroundWindow () returned 0x30020 [0130.965] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0130.965] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0130.965] CoTaskMemFree (pv=0x1b3ca950) [0131.426] GetForegroundWindow () returned 0x30020 [0131.562] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0131.562] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c94b0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.562] CoTaskMemFree (pv=0x1b3c94b0) [0131.563] GetForegroundWindow () returned 0x30020 [0131.563] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca740 [0131.563] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3ca740, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.563] CoTaskMemFree (pv=0x1b3ca740) [0131.719] GetForegroundWindow () returned 0x30020 [0131.720] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x2f8 [0131.720] EnumProcesses (in: lpidProcess=0x2737208, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x2737208, lpcbNeeded=0x1bd3f3e0) returned 1 [0131.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12edabd0, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12edabd0, ResultLength=0x1bd3f380*=0x1c460) returned 0x0 [0131.733] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0131.733] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0131.733] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.733] CoTaskMemFree (pv=0x1b3c96c0) [0131.734] GetForegroundWindow () returned 0x100e4 [0131.734] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4b0 | out: lpdwProcessId=0x1bd3f4b0) returned 0x7b8 [0131.734] EnumProcesses (in: lpidProcess=0x2768788, cb=0x400, lpcbNeeded=0x1bd3f3d0 | out: lpidProcess=0x2768788, lpcbNeeded=0x1bd3f3d0) returned 1 [0131.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12efac00, Length=0x20000, ResultLength=0x1bd3f370 | out: SystemInformation=0x12efac00, ResultLength=0x1bd3f370*=0x1c460) returned 0x0 [0131.823] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0131.823] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0131.823] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0131.823] CoTaskMemFree (pv=0x1b3cab60) [0131.866] GetForegroundWindow () returned 0x30020 [0131.867] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0131.867] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.867] CoTaskMemFree (pv=0x1b3cb190) [0131.868] GetForegroundWindow () returned 0x30020 [0131.868] GetWindowThreadProcessId (in: hWnd=0x30020, lpdwProcessId=0x1bd3f4b0 | out: lpdwProcessId=0x1bd3f4b0) returned 0x2f8 [0131.868] EnumProcesses (in: lpidProcess=0x25a9118, cb=0x400, lpcbNeeded=0x1bd3f3d0 | out: lpidProcess=0x25a9118, lpcbNeeded=0x1bd3f3d0) returned 1 [0131.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12f1ac30, Length=0x20000, ResultLength=0x1bd3f370 | out: SystemInformation=0x12f1ac30, ResultLength=0x1bd3f370*=0x1c5f0) returned 0x0 [0131.880] GetKeyboardLayout (idThread=0x2f8) returned 0x4090409 [0131.880] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0131.880] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0131.880] CoTaskMemFree (pv=0x1b3cb190) [0132.152] GetForegroundWindow () returned 0x30020 [0132.152] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0132.152] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0132.153] CoTaskMemFree (pv=0x1b3c98d0) [0132.153] GetForegroundWindow () returned 0x30020 [0132.153] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0132.153] GetWindowTextW (in: hWnd=0x30020, lpString=0x1b3c96c0, nMaxCount=256 | out: lpString="Blank Page - Internet Explorer") returned 30 [0132.154] CoTaskMemFree (pv=0x1b3c96c0) [0133.121] GetForegroundWindow () returned 0x0 [0133.121] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0133.121] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0133.121] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="") returned 0 [0133.121] CoTaskMemFree (pv=0x1b3ca110) [0133.121] GetForegroundWindow () returned 0x0 [0133.122] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0133.122] CoTaskMemAlloc (cb=0x204) returned 0x1b3cab60 [0133.122] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3cab60, nMaxCount=256 | out: lpString="") returned 0 [0133.122] CoTaskMemFree (pv=0x1b3cab60) [0134.892] GetForegroundWindow () returned 0x0 [0134.892] CoTaskMemAlloc (cb=0x204) returned 0x1b3cb190 [0134.892] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3cb190, nMaxCount=256 | out: lpString="") returned 0 [0134.892] CoTaskMemFree (pv=0x1b3cb190) [0134.893] GetForegroundWindow () returned 0x0 [0134.893] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0134.893] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="") returned 0 [0134.893] CoTaskMemFree (pv=0x1b3ca320) [0135.348] GetForegroundWindow () returned 0x0 [0135.348] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0135.348] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="") returned 0 [0135.348] CoTaskMemFree (pv=0x1b3ca530) [0135.349] GetForegroundWindow () returned 0x100e4 [0135.349] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4b0 | out: lpdwProcessId=0x1bd3f4b0) returned 0x7b8 [0135.349] EnumProcesses (in: lpidProcess=0x262aa90, cb=0x400, lpcbNeeded=0x1bd3f3d0 | out: lpidProcess=0x262aa90, lpcbNeeded=0x1bd3f3d0) returned 1 [0135.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12f5ac90, Length=0x20000, ResultLength=0x1bd3f370 | out: SystemInformation=0x12f5ac90, ResultLength=0x1bd3f370*=0x144e0) returned 0x0 [0135.361] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0135.361] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0135.361] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="FolderView") returned 10 [0135.362] CoTaskMemFree (pv=0x1b3ca320) [0135.682] GetForegroundWindow () returned 0x0 [0135.682] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0135.682] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0135.682] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="") returned 0 [0135.682] CoTaskMemFree (pv=0x1b3ca320) [0135.683] GetForegroundWindow () returned 0x0 [0135.683] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca950 [0135.683] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca950, nMaxCount=256 | out: lpString="") returned 0 [0135.683] CoTaskMemFree (pv=0x1b3ca950) [0135.915] GetForegroundWindow () returned 0x0 [0135.915] CoTaskMemAlloc (cb=0x204) returned 0x1b3cad70 [0135.915] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3cad70, nMaxCount=256 | out: lpString="") returned 0 [0135.915] CoTaskMemFree (pv=0x1b3cad70) [0135.916] GetForegroundWindow () returned 0x0 [0135.916] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0135.917] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca110, nMaxCount=256 | out: lpString="") returned 0 [0135.917] CoTaskMemFree (pv=0x1b3ca110) [0136.209] GetForegroundWindow () returned 0x100e4 [0136.209] GetWindowThreadProcessId (in: hWnd=0x100e4, lpdwProcessId=0x1bd3f4c0 | out: lpdwProcessId=0x1bd3f4c0) returned 0x7b8 [0136.209] EnumProcesses (in: lpidProcess=0x26a3388, cb=0x400, lpcbNeeded=0x1bd3f3e0 | out: lpidProcess=0x26a3388, lpcbNeeded=0x1bd3f3e0) returned 1 [0136.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12fbad20, Length=0x20000, ResultLength=0x1bd3f380 | out: SystemInformation=0x12fbad20, ResultLength=0x1bd3f380*=0x14490) returned 0x0 [0136.220] GetKeyboardLayout (idThread=0x7b8) returned 0x4090409 [0136.220] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0136.220] GetWindowTextW (in: hWnd=0x100e4, lpString=0x1b3ca320, nMaxCount=256 | out: lpString="FolderView") returned 10 [0136.220] CoTaskMemFree (pv=0x1b3ca320) [0136.221] GetForegroundWindow () returned 0x0 [0136.221] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0136.221] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca530 [0136.221] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3ca530, nMaxCount=256 | out: lpString="") returned 0 [0136.221] CoTaskMemFree (pv=0x1b3ca530) [0136.559] GetForegroundWindow () returned 0x0 [0136.559] CoTaskMemAlloc (cb=0x204) returned 0x1b3c9ae0 [0136.559] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c9ae0, nMaxCount=256 | out: lpString="") returned 0 [0136.559] CoTaskMemFree (pv=0x1b3c9ae0) [0136.560] GetForegroundWindow () returned 0x0 [0136.560] CoTaskMemAlloc (cb=0x204) returned 0x1b3c98d0 [0136.560] GetWindowTextW (in: hWnd=0x0, lpString=0x1b3c98d0, nMaxCount=256 | out: lpString="") returned 0 [0136.560] CoTaskMemFree (pv=0x1b3c98d0) Thread: id = 10 os_tid = 0x1114 [0120.828] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0120.834] setsockopt (s=0x454, level=65535, optname=28688, optval=0x0, optlen=0) returned 0 [0121.075] getpeername (in: s=0x454, name=0x2679588, namelen=0x1c32f238 | out: name=0x2679588*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=0x1c32f238) returned 0 [0121.151] CoTaskMemAlloc (cb=0x204) returned 0x1b3c94b0 [0121.151] GetComputerNameW (in: lpBuffer=0x1b3c94b0, nSize=0x1c32f1b8 | out: lpBuffer="XC64ZB", nSize=0x1c32f1b8) returned 1 [0121.151] CoTaskMemFree (pv=0x1b3c94b0) [0121.151] CoTaskMemAlloc (cb=0x204) returned 0x1b3c96c0 [0121.151] GetUserNameW (in: lpBuffer=0x1b3c96c0, pcbBuffer=0x1c32f1b8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x1c32f1b8) returned 1 [0121.152] CoTaskMemFree (pv=0x1b3c96c0) [0121.508] WSARecv (in: s=0x454, lpBuffers=0x1c32f1b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f1ac, lpFlags=0x1c32f1a8*=0x0, lpOverlapped=0x2538ba0, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f1b0*=((len=0xffff, buf=0x124ce9e8*)), lpNumberOfBytesRecvd=0x1c32f1ac*=0x0, lpFlags=0x1c32f1a8*=0x0, lpOverlapped=0x2538ba0) returned 0 [0121.513] WSASend (in: s=0x454, lpBuffers=0x1c32f1b0*=((len=0x4c, buf=0x124de9e7*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c32f1a8, dwFlags=0x0, lpOverlapped=0x2538c18, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c32f1a8*=0x4c, lpOverlapped=0x2538c18) returned 0 [0121.702] closesocket (s=0x454) returned 0 [0121.862] GetWindowThreadProcessId (in: hWnd=0xb0292, lpdwProcessId=0x1c32ef00 | out: lpdwProcessId=0x1c32ef00) returned 0x1128 [0121.862] GetCurrentThreadId () returned 0x1114 [0121.870] GetWindowThreadProcessId (in: hWnd=0xb0292, lpdwProcessId=0x1c32ee00 | out: lpdwProcessId=0x1c32ee00) returned 0x1128 [0121.870] GetCurrentThreadId () returned 0x1114 [0121.870] PostMessageW (hWnd=0xb0292, Msg=0xc1e3, wParam=0x0, lParam=0x0) returned 1 [0126.057] setsockopt (s=0x41c, level=65535, optname=28688, optval=0x0, optlen=0) returned 0 [0126.057] getpeername (in: s=0x41c, name=0x26f7a58, namelen=0x1c32f238 | out: name=0x26f7a58*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=0x1c32f238) returned 0 [0126.057] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca320 [0126.057] GetComputerNameW (in: lpBuffer=0x1b3ca320, nSize=0x1c32f1b8 | out: lpBuffer="XC64ZB", nSize=0x1c32f1b8) returned 1 [0126.057] CoTaskMemFree (pv=0x1b3ca320) [0126.057] CoTaskMemAlloc (cb=0x204) returned 0x1b3ca110 [0126.057] GetUserNameW (in: lpBuffer=0x1b3ca110, pcbBuffer=0x1c32f1b8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x1c32f1b8) returned 1 [0126.058] CoTaskMemFree (pv=0x1b3ca110) [0126.059] WSASend (in: s=0x41c, lpBuffers=0x1c32ef70*=((len=0x4c, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c32ef68, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c32ef68*=0x4c, lpOverlapped=0x26f5ef0) returned 0 [0126.060] WSARecv (in: s=0x41c, lpBuffers=0x1c32f1b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f1ac, lpFlags=0x1c32f1a8*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f1b0*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f1ac*=0x0, lpFlags=0x1c32f1a8*=0x0, lpOverlapped=0x26f5e78) returned 0 [0126.398] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0126.497] WSASend (in: s=0x41c, lpBuffers=0x1c32ef00*=((len=0xc, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c32eef8, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c32eef8*=0xc, lpOverlapped=0x26f5ef0) returned 0 [0126.497] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0126.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x1c32e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56 [0126.826] SetErrorMode (uMode=0x1) returned 0x0 [0126.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x488 [0126.827] GetFileType (hFile=0x488) returned 0x1 [0126.828] SetErrorMode (uMode=0x0) returned 0x1 [0126.828] GetFileType (hFile=0x488) returned 0x1 [0126.828] WriteFile (in: hFile=0x488, lpBuffer=0x25ae4d0*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x1c32ec88, lpOverlapped=0x0 | out: lpBuffer=0x25ae4d0*, lpNumberOfBytesWritten=0x1c32ec88*=0xa0, lpOverlapped=0x0) returned 1 [0126.829] CloseHandle (hObject=0x488) returned 1 [0126.831] WSASend (in: s=0x41c, lpBuffers=0x1c32edf0*=((len=0x94, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c32ede8, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c32ede8*=0x94, lpOverlapped=0x26f5ef0) returned 0 [0126.832] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.024] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x2da0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.025] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.132] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x5f78, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.132] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.261] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xa460, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.261] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.396] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xe78b, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.396] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.521] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xea9c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.522] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x5b4, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.523] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.648] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xf53c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.649] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.785] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xef88, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.786] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.837] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.910] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xef88, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.911] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0127.972] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.048] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x9f4c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.049] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.055] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x4fd8, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.056] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.103] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.157] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x16d0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.157] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.180] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x7d78, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.180] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.185] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x4a24, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.186] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.232] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.282] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x13e0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.283] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0x0, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0128.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", nBufferLength=0x105, lpBuffer=0x1c32e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", lpFilePart=0x0) returned 0x56 [0128.826] SetErrorMode (uMode=0x1) returned 0x0 [0128.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\storage.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x488 [0128.828] GetFileType (hFile=0x488) returned 0x1 [0128.828] SetErrorMode (uMode=0x0) returned 0x1 [0128.828] GetFileType (hFile=0x488) returned 0x1 [0128.828] WriteFile (in: hFile=0x488, lpBuffer=0x12d67638*, nNumberOfBytesToWrite=0x93418, lpNumberOfBytesWritten=0x1c32ee38, lpOverlapped=0x0 | out: lpBuffer=0x12d67638*, lpNumberOfBytesWritten=0x1c32ee38*=0x93418, lpOverlapped=0x0) returned 1 [0128.841] CloseHandle (hObject=0x488) returned 1 [0128.861] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc200, lpName=0x0) returned 0x488 [0129.084] GetLastInputInfo (in: plii=0x1c32e3e0 | out: plii=0x1c32e3e0*(cbSize=0x8, dwTime=0x18d7033)) returned 1 [0129.098] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc800, lpName=0x0) returned 0x488 [0131.382] CoTaskMemAlloc (cb=0xe) returned 0x1b3cd930 [0131.382] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x7ffa15160000 [0131.383] CoTaskMemFree (pv=0x1b3cd930) [0131.451] CoTaskMemAlloc (cb=0x10) returned 0x1b3cd970 [0131.451] GetProcAddress (hModule=0x7ffa15160000, lpProcName="IsWow64Process") returned 0x7ffa15184850 [0131.451] CoTaskMemFree (pv=0x1b3cd970) [0131.584] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a00, lpName=0x0) returned 0x490 [0131.636] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe400, lpName=0x0) returned 0x490 [0132.042] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9200, lpName=0x0) returned 0x490 [0132.097] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28600, lpName=0x0) returned 0x490 [0132.187] SetProcessDPIAware () returned 1 [0132.189] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe400, lpName=0x0) returned 0x490 [0133.112] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x89a00, lpName=0x0) returned 0x490 [0135.037] WSARecv (in: s=0x41c, lpBuffers=0x1c32f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32f23c, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32f240*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32f23c*=0xc, lpFlags=0x1c32f238*=0x0, lpOverlapped=0x26f5e78) returned 0 [0135.038] WSASend (in: s=0x41c, lpBuffers=0x1c32e910*=((len=0xc, buf=0x12721167*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c32e908, dwFlags=0x0, lpOverlapped=0x26f5ef0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c32e908*=0xc, lpOverlapped=0x26f5ef0) returned 0 [0135.039] WSARecv (in: s=0x41c, lpBuffers=0x1c32e9a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c32e99c, lpFlags=0x1c32e998*=0x0, lpOverlapped=0x26f5e78, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c32e9a0*=((len=0xffff, buf=0x12711168*)), lpNumberOfBytesRecvd=0x1c32e99c*=0x0, lpFlags=0x1c32e998*=0x0, lpOverlapped=0x26f5e78) returned 0 [0136.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", nBufferLength=0x105, lpBuffer=0x1c32df80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3c0512176cbca3ce1b0abc5f505a3abbcd39909c20095d995f019197f42439d3.exe", lpFilePart=0x0) returned 0x62 Process: id = "2" image_name = "agpsvc.exe" filename = "c:\\program files\\agp service\\agpsvc.exe" page_root = "0xc7ab000" os_pid = "0x8cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x64c" cmd_line = "\"C:\\Program Files\\AGP Service\\agpsvc.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00011f3b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1334 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1335 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1336 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1337 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1338 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1339 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1340 start_va = 0x400000 end_va = 0x433fff monitored = 1 entry_point = 0x41e792 region_type = mapped_file name = "agpsvc.exe" filename = "\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe") Region: id = 1341 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1342 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1343 start_va = 0x7ffb8a4a0000 end_va = 0x7ffb8a660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1481 start_va = 0x440000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1482 start_va = 0x7ffb84a50000 end_va = 0x7ffb84ab7fff monitored = 1 entry_point = 0x7ffb84a54970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 1483 start_va = 0x7ffb8a1b0000 end_va = 0x7ffb8a25cfff monitored = 0 entry_point = 0x7ffb8a1c81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1484 start_va = 0x7ffb87210000 end_va = 0x7ffb873f7fff monitored = 0 entry_point = 0x7ffb8723ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1485 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1486 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 1487 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1488 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1489 start_va = 0x6a0000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1490 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1491 start_va = 0x7ffb84930000 end_va = 0x7ffb849a8fff monitored = 0 entry_point = 0x7ffb8494fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1492 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 1493 start_va = 0x7ffb88760000 end_va = 0x7ffb88806fff monitored = 0 entry_point = 0x7ffb887758d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1494 start_va = 0x7ffb88650000 end_va = 0x7ffb886ecfff monitored = 0 entry_point = 0x7ffb886578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1495 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1496 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1497 start_va = 0x7ffb8a370000 end_va = 0x7ffb8a3cafff monitored = 0 entry_point = 0x7ffb8a3838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1498 start_va = 0x170000 end_va = 0x176fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1499 start_va = 0x7ffb88970000 end_va = 0x7ffb88a8bfff monitored = 0 entry_point = 0x7ffb889b02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1500 start_va = 0x850000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1501 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1502 start_va = 0x7ffb849b0000 end_va = 0x7ffb84a4cfff monitored = 1 entry_point = 0x7ffb849b1010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 1503 start_va = 0x7ffb885b0000 end_va = 0x7ffb88601fff monitored = 0 entry_point = 0x7ffb885bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1504 start_va = 0x7ffb87f60000 end_va = 0x7ffb881dcfff monitored = 0 entry_point = 0x7ffb88034970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1505 start_va = 0x7ffb87660000 end_va = 0x7ffb876c9fff monitored = 0 entry_point = 0x7ffb87696d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1506 start_va = 0x7ffb88420000 end_va = 0x7ffb885a5fff monitored = 0 entry_point = 0x7ffb8846ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1507 start_va = 0x7ffb88810000 end_va = 0x7ffb88965fff monitored = 0 entry_point = 0x7ffb8881a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1508 start_va = 0x190000 end_va = 0x1c8fff monitored = 0 entry_point = 0x1912f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1509 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1510 start_va = 0x7ffb88610000 end_va = 0x7ffb8864afff monitored = 0 entry_point = 0x7ffb886112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1511 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1512 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1513 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 1514 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 1515 start_va = 0x1b0000 end_va = 0x1ddfff monitored = 1 entry_point = 0x1ce792 region_type = mapped_file name = "agpsvc.exe" filename = "\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe") Region: id = 1516 start_va = 0x7ffb86b30000 end_va = 0x7ffb86b3efff monitored = 0 entry_point = 0x7ffb86b33210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1517 start_va = 0x7ffb75bc0000 end_va = 0x7ffb75bc9fff monitored = 0 entry_point = 0x7ffb75bc1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1518 start_va = 0x2050000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1519 start_va = 0x7ffb732e0000 end_va = 0x7ffb73c7ffff monitored = 1 entry_point = 0x7ffb73721c20 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll") Region: id = 1520 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1521 start_va = 0x53370000 end_va = 0x53438fff monitored = 0 entry_point = 0x53372df0 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_88e4514b2faac6c7\\msvcr80.dll") Region: id = 1522 start_va = 0x2170000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1523 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1524 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1525 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1526 start_va = 0x500000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1527 start_va = 0x7ffb13b90000 end_va = 0x7ffb13b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13b90000" filename = "" Region: id = 1528 start_va = 0x7ffb13ba0000 end_va = 0x7ffb13baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ba0000" filename = "" Region: id = 1529 start_va = 0x7ffb13bb0000 end_va = 0x7ffb13c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13bb0000" filename = "" Region: id = 1530 start_va = 0x7ffb13c50000 end_va = 0x7ffb13c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13c50000" filename = "" Region: id = 1531 start_va = 0x7ffb13c60000 end_va = 0x7ffb13ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13c60000" filename = "" Region: id = 1532 start_va = 0x2050000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1533 start_va = 0x2160000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1534 start_va = 0x7ffb88bf0000 end_va = 0x7ffb8a14efff monitored = 0 entry_point = 0x7ffb88d511f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1535 start_va = 0x7ffb871c0000 end_va = 0x7ffb87202fff monitored = 0 entry_point = 0x7ffb871d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1536 start_va = 0x7ffb86b70000 end_va = 0x7ffb871b3fff monitored = 0 entry_point = 0x7ffb86d364b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1537 start_va = 0x7ffb87490000 end_va = 0x7ffb87544fff monitored = 0 entry_point = 0x7ffb874d22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1538 start_va = 0x7ffb86ae0000 end_va = 0x7ffb86b2afff monitored = 0 entry_point = 0x7ffb86ae35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1539 start_va = 0x7ffb86ac0000 end_va = 0x7ffb86ad3fff monitored = 0 entry_point = 0x7ffb86ac52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1540 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1541 start_va = 0x2350000 end_va = 0x2686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1542 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1543 start_va = 0x2690000 end_va = 0x1a68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1544 start_va = 0x1a690000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a690000" filename = "" Region: id = 1545 start_va = 0x2170000 end_va = 0x2276fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1546 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1547 start_va = 0x1ad60000 end_va = 0x1ae5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad60000" filename = "" Region: id = 1548 start_va = 0x7ffb72400000 end_va = 0x7ffb732ddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\00976757a0c560c95932437bdc9d474f\\mscorlib.ni.dll") Region: id = 1549 start_va = 0x7ffb88240000 end_va = 0x7ffb88382fff monitored = 0 entry_point = 0x7ffb88268210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1550 start_va = 0x850000 end_va = 0x90ffff monitored = 0 entry_point = 0x870da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1551 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1552 start_va = 0x1ae60000 end_va = 0x1af3cfff monitored = 0 entry_point = 0x1aebe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1553 start_va = 0x7ffb85440000 end_va = 0x7ffb854d5fff monitored = 0 entry_point = 0x7ffb85465570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1554 start_va = 0x1ae60000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae60000" filename = "" Region: id = 1555 start_va = 0x7ff5ffe40000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe40000" filename = "" Region: id = 1556 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 1557 start_va = 0x520000 end_va = 0x522fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 1558 start_va = 0x7ffb13cd0000 end_va = 0x7ffb13cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13cd0000" filename = "" Region: id = 1559 start_va = 0x530000 end_va = 0x55dfff monitored = 1 entry_point = 0x54e792 region_type = mapped_file name = "agpsvc.exe" filename = "\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe") Region: id = 1560 start_va = 0x1af90000 end_va = 0x1b45dfff monitored = 0 entry_point = 0x1b40c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1561 start_va = 0x7ffb13ce0000 end_va = 0x7ffb13d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ce0000" filename = "" Region: id = 1562 start_va = 0x7ffb13d50000 end_va = 0x7ffb13d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13d50000" filename = "" Region: id = 1563 start_va = 0x7ffb13d60000 end_va = 0x7ffb13d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13d60000" filename = "" Region: id = 1564 start_va = 0x7afd0000 end_va = 0x7b49dfff monitored = 0 entry_point = 0x7b44c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1565 start_va = 0x7ffb719d0000 end_va = 0x7ffb723fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\21161602d61e696b127fa8412fba51a5\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\21161602d61e696b127fa8412fba51a5\\system.ni.dll") Region: id = 1566 start_va = 0x7a0000 end_va = 0x83bfff monitored = 0 entry_point = 0x82921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 1567 start_va = 0x7ffb13d70000 end_va = 0x7ffb13d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13d70000" filename = "" Region: id = 1568 start_va = 0x7ade0000 end_va = 0x7ae7bfff monitored = 0 entry_point = 0x7ae6921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 1569 start_va = 0x7ffb13d90000 end_va = 0x7ffb13d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13d90000" filename = "" Region: id = 1570 start_va = 0x7ffb13da0000 end_va = 0x7ffb13daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13da0000" filename = "" Region: id = 1571 start_va = 0x1ae60000 end_va = 0x1af5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae60000" filename = "" Region: id = 1572 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 1573 start_va = 0x7ffb74150000 end_va = 0x7ffb742d2fff monitored = 1 entry_point = 0x7ffb74235f10 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll") Region: id = 1574 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1575 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1576 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1577 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1578 start_va = 0x7ffb13db0000 end_va = 0x7ffb13deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13db0000" filename = "" Region: id = 1579 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1580 start_va = 0x850000 end_va = 0x8f5fff monitored = 0 entry_point = 0x8de14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1581 start_va = 0x7ffb13df0000 end_va = 0x7ffb13dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13df0000" filename = "" Region: id = 1582 start_va = 0x5e430000 end_va = 0x5e4d5fff monitored = 0 entry_point = 0x5e4be14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1583 start_va = 0x7ffb13e00000 end_va = 0x7ffb13e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e00000" filename = "" Region: id = 1584 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1585 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1586 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1587 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1588 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1589 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1590 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1591 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1592 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1593 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1594 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1595 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1596 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1597 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1598 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1599 start_va = 0x7ffb13e10000 end_va = 0x7ffb13e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e10000" filename = "" Region: id = 1600 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1601 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1602 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1603 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1604 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1605 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1606 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1607 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1608 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1609 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1610 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1611 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1612 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1613 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1614 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1615 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1616 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1617 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1618 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1619 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1620 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1621 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1622 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1623 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1624 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1625 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1626 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1627 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1628 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1629 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1630 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1631 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1632 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1633 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1634 start_va = 0x7ffb13e20000 end_va = 0x7ffb13e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e20000" filename = "" Region: id = 1635 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1636 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1637 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1638 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1639 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1640 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1641 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1642 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1643 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1644 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1645 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1646 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1647 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1648 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1649 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1650 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1651 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1652 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1653 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1654 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1655 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1656 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1657 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1658 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1659 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1660 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1661 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1662 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1663 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1664 start_va = 0x2280000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002280000" filename = "" Region: id = 1665 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1666 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1667 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1668 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1669 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1670 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1671 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1672 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1673 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1674 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1675 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1676 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1677 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1678 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1679 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1680 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1681 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1682 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1683 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1684 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1685 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1686 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1687 start_va = 0x1b460000 end_va = 0x1b46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b460000" filename = "" Region: id = 1688 start_va = 0x1b470000 end_va = 0x1b47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b470000" filename = "" Region: id = 1689 start_va = 0x1b480000 end_va = 0x1b48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b480000" filename = "" Region: id = 1690 start_va = 0x1b490000 end_va = 0x1b49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b490000" filename = "" Region: id = 1691 start_va = 0x7ffb84380000 end_va = 0x7ffb843a1fff monitored = 0 entry_point = 0x7ffb84381a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1692 start_va = 0x540000 end_va = 0x547fff monitored = 0 entry_point = 0x543fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 1693 start_va = 0x7ffb13e30000 end_va = 0x7ffb13e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e30000" filename = "" Region: id = 1694 start_va = 0x60000000 end_va = 0x60007fff monitored = 0 entry_point = 0x60003fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 1695 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1696 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1697 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1698 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1699 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1700 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1701 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1702 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1703 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1704 start_va = 0x7ffb13e40000 end_va = 0x7ffb13e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e40000" filename = "" Region: id = 1705 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1706 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1707 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1708 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1709 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1710 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1711 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1713 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1714 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1715 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1716 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1717 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1718 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1719 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1720 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1721 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1722 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1723 start_va = 0x7ffb88a90000 end_va = 0x7ffb88be9fff monitored = 0 entry_point = 0x7ffb88ad38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1724 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1725 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1726 start_va = 0x1b460000 end_va = 0x1b51bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b460000" filename = "" Region: id = 1727 start_va = 0x550000 end_va = 0x553fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1728 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1729 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1730 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1731 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1732 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1733 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1734 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1735 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1736 start_va = 0x22a0000 end_va = 0x22a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1737 start_va = 0x22d0000 end_va = 0x22d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022d0000" filename = "" Region: id = 1738 start_va = 0x22f0000 end_va = 0x22f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1739 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1740 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1741 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1742 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1743 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1744 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1745 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1746 start_va = 0x1b530000 end_va = 0x1b53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b530000" filename = "" Region: id = 1747 start_va = 0x1b540000 end_va = 0x1b54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b540000" filename = "" Region: id = 1748 start_va = 0x1b550000 end_va = 0x1b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b550000" filename = "" Region: id = 1749 start_va = 0x1b560000 end_va = 0x1b56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b560000" filename = "" Region: id = 1750 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1752 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1753 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1754 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1755 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1756 start_va = 0x560000 end_va = 0x564fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1757 start_va = 0x7ffb13e50000 end_va = 0x7ffb13e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e50000" filename = "" Region: id = 1758 start_va = 0x7ffb13e60000 end_va = 0x7ffb13e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e60000" filename = "" Region: id = 1759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1760 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1761 start_va = 0x7ffb13e70000 end_va = 0x7ffb13e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e70000" filename = "" Region: id = 1762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1763 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1764 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1765 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1766 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1767 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1768 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1769 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1770 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1771 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1772 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1773 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1775 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1776 start_va = 0x7ffb13e80000 end_va = 0x7ffb13e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e80000" filename = "" Region: id = 1777 start_va = 0x7ffb864a0000 end_va = 0x7ffb864b6fff monitored = 0 entry_point = 0x7ffb864a79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1778 start_va = 0x7ffb86130000 end_va = 0x7ffb86163fff monitored = 0 entry_point = 0x7ffb8614ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1779 start_va = 0x7ffb86950000 end_va = 0x7ffb86978fff monitored = 0 entry_point = 0x7ffb86964530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1780 start_va = 0x7ffb865c0000 end_va = 0x7ffb865cafff monitored = 0 entry_point = 0x7ffb865c19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1781 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1782 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1783 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1784 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1785 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1786 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1787 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1788 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1789 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1790 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1791 start_va = 0x1b530000 end_va = 0x1b53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b530000" filename = "" Region: id = 1792 start_va = 0x1b540000 end_va = 0x1b54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b540000" filename = "" Region: id = 1793 start_va = 0x1b550000 end_va = 0x1b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b550000" filename = "" Region: id = 1794 start_va = 0x1b560000 end_va = 0x1b56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b560000" filename = "" Region: id = 1795 start_va = 0x1b570000 end_va = 0x1b57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b570000" filename = "" Region: id = 1796 start_va = 0x1b580000 end_va = 0x1b58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b580000" filename = "" Region: id = 1797 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1798 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1799 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1800 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1801 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1802 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1803 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1804 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1805 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1806 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1807 start_va = 0x1b530000 end_va = 0x1b53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b530000" filename = "" Region: id = 1808 start_va = 0x1b550000 end_va = 0x1b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b550000" filename = "" Region: id = 1809 start_va = 0x1b560000 end_va = 0x1b56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b560000" filename = "" Region: id = 1810 start_va = 0x1b570000 end_va = 0x1b57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b570000" filename = "" Region: id = 1811 start_va = 0x1b580000 end_va = 0x1b58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b580000" filename = "" Region: id = 1812 start_va = 0x1b590000 end_va = 0x1b59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b590000" filename = "" Region: id = 1813 start_va = 0x1b5a0000 end_va = 0x1b5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5a0000" filename = "" Region: id = 1814 start_va = 0x1b5b0000 end_va = 0x1b5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5b0000" filename = "" Region: id = 1815 start_va = 0x1b5c0000 end_va = 0x1b5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5c0000" filename = "" Region: id = 1816 start_va = 0x1b5d0000 end_va = 0x1b5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5d0000" filename = "" Region: id = 1817 start_va = 0x1b5e0000 end_va = 0x1b5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5e0000" filename = "" Region: id = 1818 start_va = 0x1b5f0000 end_va = 0x1b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5f0000" filename = "" Region: id = 1819 start_va = 0x1b600000 end_va = 0x1b60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b600000" filename = "" Region: id = 1820 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1821 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1822 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1823 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1824 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1825 start_va = 0x1b520000 end_va = 0x1b61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 1826 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1827 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1828 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1829 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1830 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1831 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1832 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1833 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1834 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1835 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1836 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1837 start_va = 0x7ffb853b0000 end_va = 0x7ffb853b6fff monitored = 0 entry_point = 0x7ffb853b12f0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 1838 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1839 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 1840 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1841 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1842 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1843 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1844 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1845 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1846 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1847 start_va = 0x910000 end_va = 0x914fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 1848 start_va = 0x1b620000 end_va = 0x1b660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 1849 start_va = 0x1b670000 end_va = 0x1b869fff monitored = 0 entry_point = 0x1b8482be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 1850 start_va = 0x7ffb13e90000 end_va = 0x7ffb13ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13e90000" filename = "" Region: id = 1851 start_va = 0x637a0000 end_va = 0x63999fff monitored = 0 entry_point = 0x639782be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 1852 start_va = 0x1b870000 end_va = 0x1b8dbfff monitored = 0 entry_point = 0x1b8ccd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 1853 start_va = 0x7ffb13ec0000 end_va = 0x7ffb13ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ec0000" filename = "" Region: id = 1854 start_va = 0x64890000 end_va = 0x648fbfff monitored = 0 entry_point = 0x648ecd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 1855 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1856 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1857 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1858 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1859 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1860 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 1861 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 1862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1863 start_va = 0x7ffb13ed0000 end_va = 0x7ffb13edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ed0000" filename = "" Region: id = 1864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1865 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1867 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1868 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1869 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1870 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1871 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 1872 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 1873 start_va = 0x1b900000 end_va = 0x1b90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b900000" filename = "" Region: id = 1874 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1875 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1876 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1877 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1878 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1879 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1880 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1881 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1882 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1883 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 1884 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 1885 start_va = 0x1b900000 end_va = 0x1b90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b900000" filename = "" Region: id = 1886 start_va = 0x1b910000 end_va = 0x1b91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Region: id = 1887 start_va = 0x1b920000 end_va = 0x1b92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b920000" filename = "" Region: id = 1888 start_va = 0x1b930000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b930000" filename = "" Region: id = 1889 start_va = 0x1b940000 end_va = 0x1b94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 1890 start_va = 0x1b950000 end_va = 0x1b95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 1891 start_va = 0x1b960000 end_va = 0x1b96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b960000" filename = "" Region: id = 1892 start_va = 0x1b970000 end_va = 0x1b97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b970000" filename = "" Region: id = 1893 start_va = 0x1b980000 end_va = 0x1b98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b980000" filename = "" Region: id = 1894 start_va = 0x1b990000 end_va = 0x1b99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b990000" filename = "" Region: id = 1895 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 1896 start_va = 0x1b9b0000 end_va = 0x1b9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9b0000" filename = "" Region: id = 1897 start_va = 0x1b9c0000 end_va = 0x1b9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9c0000" filename = "" Region: id = 1898 start_va = 0x1b9d0000 end_va = 0x1b9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9d0000" filename = "" Region: id = 1899 start_va = 0x1b9e0000 end_va = 0x1b9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9e0000" filename = "" Region: id = 1900 start_va = 0x1b9f0000 end_va = 0x1b9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9f0000" filename = "" Region: id = 1901 start_va = 0x1ba00000 end_va = 0x1ba0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba00000" filename = "" Region: id = 1902 start_va = 0x1ba10000 end_va = 0x1ba1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba10000" filename = "" Region: id = 1903 start_va = 0x1ba20000 end_va = 0x1ba2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba20000" filename = "" Region: id = 1904 start_va = 0x7ffb13ee0000 end_va = 0x7ffb13eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ee0000" filename = "" Region: id = 1905 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1908 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1909 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1910 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1911 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1912 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1913 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1914 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1915 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1916 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1917 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1918 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1919 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1920 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1921 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1922 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1923 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1924 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1925 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1926 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1928 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1929 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1930 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1931 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1932 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1933 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1934 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1935 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1936 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1937 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1938 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1939 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1940 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1941 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1942 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1943 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1944 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1945 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1946 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1947 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1948 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1949 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 1950 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1951 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1952 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1953 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1954 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1955 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1956 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1957 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 1958 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 1959 start_va = 0x1b900000 end_va = 0x1b90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b900000" filename = "" Region: id = 1960 start_va = 0x1b910000 end_va = 0x1b91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Region: id = 1961 start_va = 0x1b920000 end_va = 0x1b92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b920000" filename = "" Region: id = 1962 start_va = 0x1b930000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b930000" filename = "" Region: id = 1963 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1964 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1965 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1966 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1967 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1968 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1969 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1970 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1971 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 1972 start_va = 0x1b900000 end_va = 0x1b90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b900000" filename = "" Region: id = 1973 start_va = 0x1b910000 end_va = 0x1b91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Region: id = 1974 start_va = 0x1b920000 end_va = 0x1b92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b920000" filename = "" Region: id = 1975 start_va = 0x1b930000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b930000" filename = "" Region: id = 1976 start_va = 0x1b940000 end_va = 0x1b94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 1977 start_va = 0x1b950000 end_va = 0x1b95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 1978 start_va = 0x1b960000 end_va = 0x1b96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b960000" filename = "" Region: id = 1979 start_va = 0x1b970000 end_va = 0x1b97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b970000" filename = "" Region: id = 1980 start_va = 0x1b980000 end_va = 0x1b98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b980000" filename = "" Region: id = 1981 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1982 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1983 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1984 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1985 start_va = 0x1b9b0000 end_va = 0x1baaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9b0000" filename = "" Region: id = 1986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1987 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1988 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1989 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1990 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1991 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1992 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1993 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 1994 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1995 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1996 start_va = 0x7ffb853a0000 end_va = 0x7ffb853a9fff monitored = 1 entry_point = 0x7ffb853a4710 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll") Region: id = 1997 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1998 start_va = 0x1b940000 end_va = 0x1b993fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll") Region: id = 1999 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2001 start_va = 0x22b0000 end_va = 0x22b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022b0000" filename = "" Region: id = 2002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2003 start_va = 0x1bab0000 end_va = 0x1bbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bab0000" filename = "" Region: id = 2004 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2005 start_va = 0x1bbb0000 end_va = 0x1bcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbb0000" filename = "" Region: id = 2006 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2007 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2008 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 2009 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 2010 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 2011 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 2012 start_va = 0x2320000 end_va = 0x2333fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 2013 start_va = 0x7ffb13ef0000 end_va = 0x7ffb13efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ef0000" filename = "" Region: id = 2014 start_va = 0x1bcb0000 end_va = 0x1bd8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2015 start_va = 0x7ffb867a0000 end_va = 0x7ffb867ccfff monitored = 0 entry_point = 0x7ffb867b9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2016 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2017 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2018 start_va = 0x2150000 end_va = 0x2152fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 2019 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 2020 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 2021 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 2022 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 2023 start_va = 0x1b910000 end_va = 0x1b91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Region: id = 2024 start_va = 0x1b920000 end_va = 0x1b92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b920000" filename = "" Region: id = 2025 start_va = 0x1b930000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b930000" filename = "" Region: id = 2026 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2027 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 2028 start_va = 0x1b8e0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8e0000" filename = "" Region: id = 2029 start_va = 0x1b8f0000 end_va = 0x1b8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8f0000" filename = "" Region: id = 2030 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2031 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2032 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2033 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2034 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2035 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2036 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2037 start_va = 0x1af60000 end_va = 0x1af6cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001af60000" filename = "" Region: id = 2038 start_va = 0x7ffb13f00000 end_va = 0x7ffb13f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f00000" filename = "" Region: id = 2039 start_va = 0x1af70000 end_va = 0x1af7cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001af70000" filename = "" Region: id = 2040 start_va = 0x7ffb13f10000 end_va = 0x7ffb13f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f10000" filename = "" Region: id = 2041 start_va = 0x1b8e0000 end_va = 0x1b8e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b8e0000" filename = "" Region: id = 2042 start_va = 0x1b8f0000 end_va = 0x1b8fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b8f0000" filename = "" Region: id = 2043 start_va = 0x1bd90000 end_va = 0x1be8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bd90000" filename = "" Region: id = 2044 start_va = 0x7ffb13f20000 end_va = 0x7ffb13f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f20000" filename = "" Region: id = 2045 start_va = 0x1b900000 end_va = 0x1b909fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b900000" filename = "" Region: id = 2046 start_va = 0x7ffb13f30000 end_va = 0x7ffb13f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f30000" filename = "" Region: id = 2047 start_va = 0x1b910000 end_va = 0x1b938fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b910000" filename = "" Region: id = 2048 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2049 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2050 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2051 start_va = 0x580000 end_va = 0x58efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2052 start_va = 0x7ffb13f40000 end_va = 0x7ffb13f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f40000" filename = "" Region: id = 2053 start_va = 0x7ffb13f50000 end_va = 0x7ffb13f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f50000" filename = "" Region: id = 2054 start_va = 0x1beb0000 end_va = 0x1bf39fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001beb0000" filename = "" Region: id = 2055 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2056 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2057 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2058 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2059 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2060 start_va = 0x7ffb13f60000 end_va = 0x7ffb13f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f60000" filename = "" Region: id = 2061 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2062 start_va = 0x7ffb87f50000 end_va = 0x7ffb87f57fff monitored = 0 entry_point = 0x7ffb87f510b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 2063 start_va = 0x7ffb13f70000 end_va = 0x7ffb13faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13f70000" filename = "" Region: id = 2064 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2065 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2066 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2067 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2068 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2069 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2070 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2071 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2072 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2073 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2074 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2075 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2076 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2077 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2078 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2079 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2080 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2081 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2082 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2083 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2084 start_va = 0x1c070000 end_va = 0x1c26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c070000" filename = "" Region: id = 2085 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 2086 start_va = 0x1c280000 end_va = 0x1c28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c280000" filename = "" Region: id = 2087 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 2088 start_va = 0x1c2a0000 end_va = 0x1c2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2a0000" filename = "" Region: id = 2089 start_va = 0x1c2b0000 end_va = 0x1c2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2b0000" filename = "" Region: id = 2090 start_va = 0x1c2c0000 end_va = 0x1c2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2c0000" filename = "" Region: id = 2091 start_va = 0x1c2d0000 end_va = 0x1c2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2d0000" filename = "" Region: id = 2092 start_va = 0x1c2e0000 end_va = 0x1c2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2e0000" filename = "" Region: id = 2093 start_va = 0x1c2f0000 end_va = 0x1c2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2f0000" filename = "" Region: id = 2094 start_va = 0x1c300000 end_va = 0x1c30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c300000" filename = "" Region: id = 2095 start_va = 0x7ffb13fb0000 end_va = 0x7ffb13fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13fb0000" filename = "" Region: id = 2096 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2097 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2098 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2099 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2100 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2101 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2102 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2103 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2104 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2105 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2106 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2107 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2108 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2109 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2110 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2111 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2112 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2113 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2114 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2115 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2116 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2117 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2118 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2119 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2120 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2121 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2122 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2123 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2124 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2125 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2126 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2127 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2128 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2129 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2130 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2131 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2132 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2133 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2134 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2135 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2136 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2137 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2138 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2139 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2140 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2141 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2142 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2143 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2144 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2145 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2146 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2147 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2148 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2149 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2150 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2151 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2152 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2153 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2154 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2155 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2156 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2157 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2158 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2159 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2160 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 2161 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 2162 start_va = 0x1c2a0000 end_va = 0x1c2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2a0000" filename = "" Region: id = 2163 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2164 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2165 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2166 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2167 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2168 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2169 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2170 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2171 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2172 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2173 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2174 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2175 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2176 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2177 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2178 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2179 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2180 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2181 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2182 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2183 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2184 start_va = 0x1c270000 end_va = 0x1c27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 2185 start_va = 0x1c290000 end_va = 0x1c29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c290000" filename = "" Region: id = 2186 start_va = 0x1c2a0000 end_va = 0x1c2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2a0000" filename = "" Region: id = 2187 start_va = 0x1c2b0000 end_va = 0x1c2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2b0000" filename = "" Region: id = 2188 start_va = 0x1c2c0000 end_va = 0x1c2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2c0000" filename = "" Region: id = 2189 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2190 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2191 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2192 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2193 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 2194 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2195 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2196 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2197 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2198 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2199 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2200 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2201 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2202 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2203 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2204 start_va = 0x1c270000 end_va = 0x1c36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c270000" filename = "" Region: id = 2205 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2206 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2207 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2208 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2209 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2210 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2211 start_va = 0x1c370000 end_va = 0x1c37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c370000" filename = "" Region: id = 2212 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2213 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2214 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2215 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2216 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2217 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2218 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2219 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2220 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2221 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2222 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2223 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2224 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2225 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2226 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2227 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2228 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2229 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2230 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2231 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2232 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2233 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2234 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2235 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2236 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2237 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2238 start_va = 0x7ffb13fc0000 end_va = 0x7ffb13fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13fc0000" filename = "" Region: id = 2239 start_va = 0x7ffb13fd0000 end_va = 0x7ffb13fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13fd0000" filename = "" Region: id = 2240 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2241 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2242 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2243 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2244 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2245 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2246 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2247 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2248 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2249 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2250 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2251 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2252 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2253 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2254 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2255 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2256 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2257 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2258 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2259 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2260 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2261 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2262 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2263 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2264 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2265 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 2266 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2267 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2268 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2269 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2270 start_va = 0x7ffb88390000 end_va = 0x7ffb883fafff monitored = 0 entry_point = 0x7ffb883a90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2271 start_va = 0x7ffb863f0000 end_va = 0x7ffb8644bfff monitored = 0 entry_point = 0x7ffb86406f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2272 start_va = 0x1be90000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001be90000" filename = "" Region: id = 2273 start_va = 0x7ffb85530000 end_va = 0x7ffb855d9fff monitored = 0 entry_point = 0x7ffb85557910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2274 start_va = 0x7ffb88410000 end_va = 0x7ffb88417fff monitored = 0 entry_point = 0x7ffb88411ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2275 start_va = 0x7ffb7ef80000 end_va = 0x7ffb7ef89fff monitored = 0 entry_point = 0x7ffb7ef814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2276 start_va = 0x7ffb7fd30000 end_va = 0x7ffb7fd67fff monitored = 0 entry_point = 0x7ffb7fd48cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2277 start_va = 0x7ffb7fb80000 end_va = 0x7ffb7fbe6fff monitored = 0 entry_point = 0x7ffb7fb863e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2278 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2279 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2280 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2281 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2282 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2283 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2284 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2285 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2286 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2287 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2288 start_va = 0x1c370000 end_va = 0x1c46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c370000" filename = "" Region: id = 2289 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2290 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2291 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2292 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2293 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2294 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2295 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2296 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2297 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2298 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2299 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2300 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2301 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2302 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2303 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2304 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2305 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2306 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2307 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2308 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2309 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2310 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2311 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2312 start_va = 0x1c470000 end_va = 0x1c47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c470000" filename = "" Region: id = 2313 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2314 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2315 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2316 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2317 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2318 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2319 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2320 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2321 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2322 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2323 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2324 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2325 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2326 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2327 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2328 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2329 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2330 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2331 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2332 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2333 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2334 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2335 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2336 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2337 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2338 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2339 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2340 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2341 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2342 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2343 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2344 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2345 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2346 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2347 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2348 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2349 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2350 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2351 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2352 start_va = 0x1c470000 end_va = 0x1c47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c470000" filename = "" Region: id = 2353 start_va = 0x1c480000 end_va = 0x1c48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c480000" filename = "" Region: id = 2354 start_va = 0x1c490000 end_va = 0x1c49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c490000" filename = "" Region: id = 2355 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2356 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2357 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2358 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2359 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2360 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2361 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2362 start_va = 0x7ffb8a3d0000 end_va = 0x7ffb8a490fff monitored = 0 entry_point = 0x7ffb8a3f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2363 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2364 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2365 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2366 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2367 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2368 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2369 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2370 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 2371 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 2372 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 2373 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2374 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 2375 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 2376 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2377 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2378 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2379 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2380 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2381 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2382 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2383 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2384 start_va = 0x1c470000 end_va = 0x1c47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c470000" filename = "" Region: id = 2385 start_va = 0x1c480000 end_va = 0x1c48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c480000" filename = "" Region: id = 2386 start_va = 0x1c490000 end_va = 0x1c49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c490000" filename = "" Region: id = 2387 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2388 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2389 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2390 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2391 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2392 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2393 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2394 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2395 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2396 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 2397 start_va = 0x7ffb86010000 end_va = 0x7ffb86040fff monitored = 0 entry_point = 0x7ffb86017d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2398 start_va = 0x7ffb7f4c0000 end_va = 0x7ffb7f55bfff monitored = 0 entry_point = 0x7ffb7f5196a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 2399 start_va = 0x7ffb81400000 end_va = 0x7ffb81535fff monitored = 0 entry_point = 0x7ffb8142f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2400 start_va = 0x7ffb7d4b0000 end_va = 0x7ffb7d4fffff monitored = 0 entry_point = 0x7ffb7d4b2580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 2401 start_va = 0x1bf80000 end_va = 0x1bfe1fff monitored = 0 entry_point = 0x1bfdcd3e region_type = mapped_file name = "system.management.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management\\2.0.0.0__b03f5f7f11d50a3a\\system.management.dll") Region: id = 2402 start_va = 0x7ffb13fe0000 end_va = 0x7ffb13feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13fe0000" filename = "" Region: id = 2403 start_va = 0x67510000 end_va = 0x67571fff monitored = 0 entry_point = 0x6756cd3e region_type = mapped_file name = "system.management.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management\\2.0.0.0__b03f5f7f11d50a3a\\system.management.dll") Region: id = 2404 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2405 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2406 start_va = 0x1c470000 end_va = 0x1c54cfff monitored = 0 entry_point = 0x1c4ce0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2407 start_va = 0x1c470000 end_va = 0x1c56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c470000" filename = "" Region: id = 2408 start_va = 0x1c570000 end_va = 0x1c66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c570000" filename = "" Region: id = 2409 start_va = 0x1c670000 end_va = 0x1c76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c670000" filename = "" Region: id = 2410 start_va = 0x7ffb13ff0000 end_va = 0x7ffb13ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb13ff0000" filename = "" Region: id = 2411 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2412 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2413 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2414 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2415 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2416 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2417 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2418 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2419 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2420 start_va = 0x1c050000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c050000" filename = "" Region: id = 2421 start_va = 0x1c060000 end_va = 0x1c06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 2422 start_va = 0x1c770000 end_va = 0x1c77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c770000" filename = "" Region: id = 2423 start_va = 0x1c780000 end_va = 0x1c78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c780000" filename = "" Region: id = 2424 start_va = 0x1c790000 end_va = 0x1c79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c790000" filename = "" Region: id = 2425 start_va = 0x1c7a0000 end_va = 0x1c7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7a0000" filename = "" Region: id = 2426 start_va = 0x1c7b0000 end_va = 0x1c7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7b0000" filename = "" Region: id = 2427 start_va = 0x1c7c0000 end_va = 0x1c7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7c0000" filename = "" Region: id = 2428 start_va = 0x1c7d0000 end_va = 0x1c7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7d0000" filename = "" Region: id = 2429 start_va = 0x1c7e0000 end_va = 0x1c7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7e0000" filename = "" Region: id = 2430 start_va = 0x1c7f0000 end_va = 0x1c7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7f0000" filename = "" Region: id = 2431 start_va = 0x1c800000 end_va = 0x1c80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c800000" filename = "" Region: id = 2432 start_va = 0x1c810000 end_va = 0x1c81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c810000" filename = "" Region: id = 2433 start_va = 0x1c820000 end_va = 0x1c82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c820000" filename = "" Region: id = 2434 start_va = 0x1c830000 end_va = 0x1c83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c830000" filename = "" Region: id = 2435 start_va = 0x1c840000 end_va = 0x1c84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c840000" filename = "" Region: id = 2436 start_va = 0x1c850000 end_va = 0x1c85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c850000" filename = "" Region: id = 2437 start_va = 0x1c860000 end_va = 0x1c86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 2438 start_va = 0x1c870000 end_va = 0x1c87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c870000" filename = "" Region: id = 2439 start_va = 0x1c880000 end_va = 0x1c88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c880000" filename = "" Region: id = 2440 start_va = 0x7ffb853a0000 end_va = 0x7ffb853acfff monitored = 1 entry_point = 0x7ffb853a5470 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\wminet_utils.dll") Region: id = 2441 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2442 start_va = 0x7ffb14000000 end_va = 0x7ffb1400ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb14000000" filename = "" Region: id = 2443 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2444 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2445 start_va = 0x22e0000 end_va = 0x22e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022e0000" filename = "" Region: id = 2446 start_va = 0x7ffb87cf0000 end_va = 0x7ffb87d96fff monitored = 0 entry_point = 0x7ffb87cfb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2447 start_va = 0x2300000 end_va = 0x2300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 2448 start_va = 0x7ffb750c0000 end_va = 0x7ffb750e4fff monitored = 0 entry_point = 0x7ffb750c9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2449 start_va = 0x7ffb76740000 end_va = 0x7ffb767befff monitored = 0 entry_point = 0x7ffb76757110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2450 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2451 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2452 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2453 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2454 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2455 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2456 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2457 start_va = 0x7ffb75500000 end_va = 0x7ffb75510fff monitored = 0 entry_point = 0x7ffb75502fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2805 start_va = 0x1c850000 end_va = 0x1c94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c850000" filename = "" Region: id = 2806 start_va = 0x7ffb750f0000 end_va = 0x7ffb75103fff monitored = 0 entry_point = 0x7ffb750f1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2807 start_va = 0x7ffb75110000 end_va = 0x7ffb75205fff monitored = 0 entry_point = 0x7ffb75149590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2810 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2811 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2812 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2813 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2814 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2815 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2816 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2817 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2818 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2819 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2820 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2821 start_va = 0x1c000000 end_va = 0x1c00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 2822 start_va = 0x1c010000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c010000" filename = "" Region: id = 2823 start_va = 0x1c020000 end_va = 0x1c02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 2824 start_va = 0x1c030000 end_va = 0x1c03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c030000" filename = "" Region: id = 2825 start_va = 0x1c040000 end_va = 0x1c04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c040000" filename = "" Region: id = 2826 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2827 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2828 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2829 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 2830 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 2831 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 2832 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 2833 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 2834 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2835 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2836 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2837 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2838 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2839 start_va = 0x22c0000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2840 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2841 start_va = 0x1b9a0000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2883 start_va = 0x1c950000 end_va = 0x1ca4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c950000" filename = "" Region: id = 3246 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3247 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3248 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3249 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 3250 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Thread: id = 11 os_tid = 0x860 [0209.962] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0210.180] GetVersionExW (in: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0210.186] GetVersionExW (in: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e850*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0210.218] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\", nBufferLength=0x105, lpBuffer=0x14e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\", lpFilePart=0x0) returned 0x1d [0210.326] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14e450, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0210.340] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0210.345] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\", nBufferLength=0x105, lpBuffer=0x14e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\", lpFilePart=0x0) returned 0x1d [0210.365] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\", nBufferLength=0x105, lpBuffer=0x14e490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\", lpFilePart=0x0) returned 0x1d [0210.365] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\", lpFilePart=0x0) returned 0x1d [0214.371] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc14c [0214.371] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc14d [0215.272] GetSystemMetrics (nIndex=75) returned 1 [0216.261] AdjustWindowRectEx (in: lpRect=0x14e2f0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x14e2f0) returned 1 [0216.345] GetCurrentProcess () returned 0xffffffffffffffff [0216.345] GetCurrentThread () returned 0xfffffffffffffffe [0216.345] GetCurrentProcess () returned 0xffffffffffffffff [0216.390] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14e040, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x14e040*=0x260) returned 1 [0216.454] GetCurrentThreadId () returned 0x860 [0216.950] GetModuleHandleW (lpModuleName="user32.dll") returned 0x7ffb88810000 [0216.957] GetACP () returned 0x4e4 [0216.975] CoTaskMemAlloc (cb=0x10) returned 0x668400 [0216.975] GetProcAddress (hModule=0x7ffb88810000, lpProcName="DefWindowProcW") returned 0x7ffb8a544a40 [0216.976] CoTaskMemFree (pv=0x668400) [0216.994] GetStockObject (i=5) returned 0x1900015 [0217.062] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0217.112] CoTaskMemAlloc (cb=0x4c) returned 0x5d59a0 [0217.112] RegisterClassW (lpWndClass=0x14dd70) returned 0xc14e [0217.112] CoTaskMemFree (pv=0x5d59a0) [0217.113] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0217.125] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x5013c [0217.137] SetWindowLongPtrW (hWnd=0x5013c, nIndex=-4, dwNewLong=0x7ffb8a544a40) returned 0x2160a4c [0217.179] GetWindowLongPtrW (hWnd=0x5013c, nIndex=-4) returned 0x7ffb8a544a40 [0217.205] GetVersionExW (in: lpVersionInformation=0x14aaf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14aaf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0217.218] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfb8 | out: phkResult=0x14cfb8*=0x268) returned 0x0 [0217.222] RegQueryValueExW (in: hKey=0x268, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x14cf3c, lpData=0x0, lpcbData=0x14cf38*=0x0 | out: lpType=0x14cf3c*=0x0, lpData=0x0, lpcbData=0x14cf38*=0x0) returned 0x2 [0217.222] RegQueryValueExW (in: hKey=0x268, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x14cf3c, lpData=0x0, lpcbData=0x14cf38*=0x0 | out: lpType=0x14cf3c*=0x0, lpData=0x0, lpcbData=0x14cf38*=0x0) returned 0x2 [0217.223] RegCloseKey (hKey=0x268) returned 0x0 [0217.273] SetWindowLongPtrW (hWnd=0x5013c, nIndex=-4, dwNewLong=0x2160a9c) returned 0x7ffb8a544a40 [0217.273] GetWindowLongPtrW (hWnd=0x5013c, nIndex=-4) returned 0x2160a9c [0217.273] GetWindowLongPtrW (hWnd=0x5013c, nIndex=-16) returned 0x6c10000 [0217.450] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc150 [0217.457] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013c, Msg=0x24, wParam=0x0, lParam=0x14d750) returned 0x0 [0217.461] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc14f [0217.463] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013c, Msg=0x81, wParam=0x0, lParam=0x14d6d0) returned 0x1 [0217.464] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013c, Msg=0x83, wParam=0x0, lParam=0x14d770) returned 0x0 [0217.475] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013c, Msg=0x1, wParam=0x0, lParam=0x14d6d0) returned 0x0 [0217.542] GetClientRect (in: hWnd=0x5013c, lpRect=0x14cf00 | out: lpRect=0x14cf00) returned 1 [0217.549] GetWindowRect (in: hWnd=0x5013c, lpRect=0x14cf00 | out: lpRect=0x14cf00) returned 1 [0217.833] GetParent (hWnd=0x5013c) returned 0x0 [0217.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x64 [0217.903] IsAppThemed () returned 0x1 [0217.925] CoTaskMemAlloc (cb=0xca) returned 0x1ae80a00 [0217.925] CreateActCtxA (pActCtx=0x14e3f8) returned 0x5fd908 [0217.959] CoTaskMemFree (pv=0x1ae80a00) [0218.045] GetCurrentActCtx (in: lphActCtx=0x14edf0 | out: lphActCtx=0x14edf0*=0x0) returned 1 [0218.061] ActivateActCtx (in: hActCtx=0x5fd908, lpCookie=0x14ee30 | out: hActCtx=0x5fd908, lpCookie=0x14ee30) returned 1 [0218.149] GetCurrentActCtx (in: lphActCtx=0x14e8a0 | out: lphActCtx=0x14e8a0*=0x5fd908) returned 1 [0218.207] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0218.207] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x22cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1 [0218.214] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-4, dwNewLong=0x7ffb8a544a40) returned 0x2160a4c [0218.214] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-4) returned 0x7ffb8a544a40 [0218.215] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-4, dwNewLong=0x2160aec) returned 0x7ffb8a544a40 [0218.215] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-4) returned 0x2160aec [0218.215] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-16) returned 0x26cf0000 [0218.261] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x81, wParam=0x0, lParam=0x14ded0) returned 0x1 [0218.267] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x83, wParam=0x0, lParam=0x14df70) returned 0x0 [0218.275] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x1, wParam=0x0, lParam=0x14ded0) returned 0x0 [0218.275] GetClientRect (in: hWnd=0x5013e, lpRect=0x14d6c0 | out: lpRect=0x14d6c0) returned 1 [0218.275] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14d6c0 | out: lpRect=0x14d6c0) returned 1 [0218.299] GetWindowTextLengthW (hWnd=0x5013e) returned 0 [0218.299] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0218.299] GetSystemMetrics (nIndex=42) returned 0 [0218.305] CoTaskMemAlloc (cb=0x6) returned 0x5ee2a0 [0218.305] GetWindowTextW (in: hWnd=0x5013e, lpString=0x5ee2a0, nMaxCount=1 | out: lpString="") returned 0 [0218.305] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xd, wParam=0x1, lParam=0x5ee2a0) returned 0x0 [0218.305] CoTaskMemFree (pv=0x5ee2a0) [0218.375] GetProcessWindowStation () returned 0xcc [0218.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0218.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0218.380] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWndClass=0x26a0c58 | out: lpWndClass=0x26a0c58) returned 0 [0218.384] CoTaskMemAlloc (cb=0x58) returned 0x1ae6f790 [0218.384] RegisterClassW (lpWndClass=0x14d2d0) returned 0xc151 [0218.384] CoTaskMemFree (pv=0x1ae6f790) [0218.388] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWindowName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x40032 [0218.389] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x81, wParam=0x0, lParam=0x14cac0) returned 0x1 [0218.389] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x83, wParam=0x0, lParam=0x14cb70) returned 0x0 [0218.390] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x1, wParam=0x0, lParam=0x14ca60) returned 0x0 [0218.390] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0218.390] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0218.464] GetStartupInfoW (in: lpStartupInfo=0x26a1248 | out: lpStartupInfo=0x26a1248*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Program Files\\AGP Service\\agpsvc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0218.476] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x46, wParam=0x0, lParam=0x14df50) returned 0x0 [0218.476] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x83, wParam=0x1, lParam=0x14df20) returned 0x0 [0218.502] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14d9a0 | out: lpwndpl=0x14d9a0) returned 1 [0218.506] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x47, wParam=0x0, lParam=0x14df50) returned 0x0 [0218.510] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0 [0218.510] GetClientRect (in: hWnd=0x5013e, lpRect=0x14cb30 | out: lpRect=0x14cb30) returned 1 [0218.510] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14cb30 | out: lpRect=0x14cb30) returned 1 [0218.511] GetWindowTextLengthW (hWnd=0x5013e) returned 0 [0218.511] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0218.511] GetSystemMetrics (nIndex=42) returned 0 [0218.511] CoTaskMemAlloc (cb=0x6) returned 0x5ee160 [0218.511] GetWindowTextW (in: hWnd=0x5013e, lpString=0x5ee160, nMaxCount=1 | out: lpString="") returned 0 [0218.511] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xd, wParam=0x1, lParam=0x5ee160) returned 0x0 [0218.511] CoTaskMemFree (pv=0x5ee160) [0218.528] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0218.532] GetClientRect (in: hWnd=0x5013e, lpRect=0x14d730 | out: lpRect=0x14d730) returned 1 [0218.532] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14d730 | out: lpRect=0x14d730) returned 1 [0218.542] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0218.542] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0218.542] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0218.548] GetParent (hWnd=0x5013e) returned 0x0 [0218.553] GetStockObject (i=5) returned 0x1900015 [0218.553] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0218.553] CoTaskMemAlloc (cb=0x4c) returned 0x5f7590 [0218.553] RegisterClassW (lpWndClass=0x14e530) returned 0xc152 [0218.553] CoTaskMemFree (pv=0x5f7590) [0218.553] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0218.554] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x3018c [0218.554] SetWindowLongPtrW (hWnd=0x3018c, nIndex=-4, dwNewLong=0x7ffb8a544a40) returned 0x216079c [0218.554] GetWindowLongPtrW (hWnd=0x3018c, nIndex=-4) returned 0x7ffb8a544a40 [0218.554] SetWindowLongPtrW (hWnd=0x3018c, nIndex=-4, dwNewLong=0x21607ec) returned 0x7ffb8a544a40 [0218.554] GetWindowLongPtrW (hWnd=0x3018c, nIndex=-4) returned 0x21607ec [0218.554] GetWindowLongPtrW (hWnd=0x3018c, nIndex=-16) returned 0x4c00000 [0218.555] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x24, wParam=0x0, lParam=0x14df10) returned 0x0 [0218.555] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x81, wParam=0x0, lParam=0x14de90) returned 0x1 [0218.556] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x83, wParam=0x0, lParam=0x14df30) returned 0x0 [0218.556] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x1, wParam=0x0, lParam=0x14de90) returned 0x0 [0218.557] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-8, dwNewLong=0x3018c) returned 0x0 [0218.646] GetSystemMetrics (nIndex=11) returned 32 [0218.646] GetSystemMetrics (nIndex=12) returned 32 [0218.650] GetDC (hWnd=0x0) returned 0xa0100d0 [0218.661] GetDeviceCaps (hdc=0xa0100d0, index=12) returned 32 [0218.661] GetDeviceCaps (hdc=0xa0100d0, index=14) returned 1 [0218.685] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0218.728] CreateIconFromResourceEx (presbits=0x26a4360, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x701b5 [0218.731] GetSystemMetrics (nIndex=49) returned 16 [0218.731] GetSystemMetrics (nIndex=50) returned 16 [0218.744] CreateIconFromResourceEx (presbits=0x26a5460, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x7019b [0218.761] SendMessageW (hWnd=0x5013e, Msg=0x80, wParam=0x0, lParam=0x7019b) returned 0x0 [0218.761] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x80, wParam=0x0, lParam=0x7019b) returned 0x0 [0218.762] SendMessageW (hWnd=0x5013e, Msg=0x80, wParam=0x1, lParam=0x701b5) returned 0x0 [0218.762] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x80, wParam=0x1, lParam=0x701b5) returned 0x0 [0218.788] GetSystemMenu (hWnd=0x5013e, bRevert=0) returned 0x40079 [0218.800] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14e740 | out: lpwndpl=0x14e740) returned 1 [0218.806] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0218.806] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0218.806] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0218.807] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0218.848] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-8, dwNewLong=0x3018c) returned 0x3018c [0218.852] SendMessageW (hWnd=0x3018c, Msg=0x80, wParam=0x1, lParam=0x701b5) returned 0x0 [0218.852] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x80, wParam=0x1, lParam=0x701b5) returned 0x0 [0218.855] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-16) returned 0x26cf0000 [0218.855] GetWindowTextLengthW (hWnd=0x5013e) returned 0 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0218.855] GetSystemMetrics (nIndex=42) returned 0 [0218.855] CoTaskMemAlloc (cb=0x6) returned 0x5ee1b0 [0218.855] GetWindowTextW (in: hWnd=0x5013e, lpString=0x5ee1b0, nMaxCount=1 | out: lpString="") returned 0 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xd, wParam=0x1, lParam=0x5ee1b0) returned 0x0 [0218.855] CoTaskMemFree (pv=0x5ee1b0) [0218.855] GetWindowTextLengthW (hWnd=0x5013e) returned 0 [0218.855] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0218.855] GetSystemMetrics (nIndex=42) returned 0 [0218.855] CoTaskMemAlloc (cb=0x6) returned 0x5edf90 [0218.855] GetWindowTextW (in: hWnd=0x5013e, lpString=0x5edf90, nMaxCount=1 | out: lpString="") returned 0 [0218.856] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xd, wParam=0x1, lParam=0x5edf90) returned 0x0 [0218.856] CoTaskMemFree (pv=0x5edf90) [0218.856] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-16) returned 0x26cf0000 [0218.859] GetWindowLongPtrW (hWnd=0x5013e, nIndex=-20) returned 0x10100 [0218.862] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-16, dwNewLong=0x22cf0000) returned 0x26cf0000 [0218.862] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x14e760) returned 0x0 [0218.862] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x14e760) returned 0x0 [0218.863] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x7019b [0218.867] SetWindowLongPtrW (hWnd=0x5013e, nIndex=-20, dwNewLong=0x10000) returned 0x10100 [0218.867] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x14e760) returned 0x0 [0218.867] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x14e760) returned 0x0 [0218.874] SetWindowPos (hWnd=0x5013e, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0218.875] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x46, wParam=0x0, lParam=0x14e810) returned 0x0 [0218.875] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x83, wParam=0x1, lParam=0x14e7e0) returned 0x0 [0218.876] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14e260 | out: lpwndpl=0x14e260) returned 1 [0218.877] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x47, wParam=0x0, lParam=0x14e810) returned 0x0 [0218.877] GetClientRect (in: hWnd=0x5013e, lpRect=0x14dff0 | out: lpRect=0x14dff0) returned 1 [0218.877] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14dff0 | out: lpRect=0x14dff0) returned 1 [0218.896] RedrawWindow (hWnd=0x5013e, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0218.903] GetSystemMenu (hWnd=0x5013e, bRevert=0) returned 0x40079 [0218.903] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14e740 | out: lpwndpl=0x14e740) returned 1 [0218.903] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0218.903] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0218.903] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0218.903] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0218.903] EnableMenuItem (hMenu=0x40079, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0218.905] ShowWindow (hWnd=0x5013e, nCmdShow=2) returned 0 [0218.905] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x46, wParam=0x0, lParam=0x14ea60) returned 0x0 [0218.926] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14e4b0 | out: lpwndpl=0x14e4b0) returned 1 [0218.926] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x47, wParam=0x0, lParam=0x14ea60) returned 0x0 [0218.926] GetClientRect (in: hWnd=0x5013e, lpRect=0x14e240 | out: lpRect=0x14e240) returned 1 [0218.926] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14e240 | out: lpRect=0x14e240) returned 1 [0218.938] GetWindowTextLengthW (hWnd=0x5013e) returned 0 [0218.938] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0218.938] GetSystemMetrics (nIndex=42) returned 0 [0218.938] CoTaskMemAlloc (cb=0x6) returned 0x5ee1b0 [0218.938] GetWindowTextW (in: hWnd=0x5013e, lpString=0x5ee1b0, nMaxCount=1 | out: lpString="") returned 0 [0218.938] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0xd, wParam=0x1, lParam=0x5ee1b0) returned 0x0 [0218.939] CoTaskMemFree (pv=0x5ee1b0) [0218.942] SendMessageW (hWnd=0x5013e, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0218.945] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0218.980] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x14e210 | out: lpdwProcessId=0x14e210) returned 0x860 [0218.980] GetCurrentThreadId () returned 0x860 [0218.983] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc153 [0218.984] PostMessageW (hWnd=0x5013e, Msg=0xc153, wParam=0x0, lParam=0x0) returned 1 [0219.068] OleInitialize (pvReserved=0x0) returned 0x0 [0219.074] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x14ebb0 | out: lplpMessageFilter=0x14ebb0*=0x0) returned 0x0 [0219.127] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.130] IsWindowUnicode (hWnd=0x5013e) returned 1 [0219.133] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.145] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0219.150] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0219.151] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0219.151] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.151] IsWindowUnicode (hWnd=0x3018c) returned 1 [0219.151] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.151] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0219.151] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0219.151] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0219.151] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.151] IsWindowUnicode (hWnd=0x5013e) returned 1 [0219.151] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0219.151] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0219.151] DispatchMessageW (lpMsg=0x14eaa0) returned 0x1 [0219.170] GetFocus () returned 0x0 [0219.170] ShowWindow (hWnd=0x5013e, nCmdShow=0) returned 1 [0219.170] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0219.170] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x46, wParam=0x0, lParam=0x14d660) returned 0x0 [0219.172] GetWindowPlacement (in: hWnd=0x5013e, lpwndpl=0x14d0b0 | out: lpwndpl=0x14d0b0) returned 1 [0219.172] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x47, wParam=0x0, lParam=0x14d660) returned 0x0 [0219.172] GetClientRect (in: hWnd=0x5013e, lpRect=0x14ce40 | out: lpRect=0x14ce40) returned 1 [0219.172] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14ce40 | out: lpRect=0x14ce40) returned 1 [0219.173] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0219.173] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x3, wParam=0x0, lParam=0xffffffff83008300) returned 0x0 [0219.173] GetClientRect (in: hWnd=0x5013e, lpRect=0x14cf10 | out: lpRect=0x14cf10) returned 1 [0219.173] GetWindowRect (in: hWnd=0x5013e, lpRect=0x14cf10 | out: lpRect=0x14cf10) returned 1 [0219.235] CoTaskMemAlloc (cb=0x20c) returned 0x5fdf60 [0219.235] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5fdf60, nSize=0x104 | out: lpFilename="C:\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe")) returned 0x27 [0219.235] CoTaskMemFree (pv=0x5fdf60) [0219.245] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service", nBufferLength=0x105, lpBuffer=0x14d340, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service", lpFilePart=0x0) returned 0x1c [0219.245] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service", lpFilePart=0x0) returned 0x1c [0219.246] SetCurrentDirectoryW (lpPathName="C:\\Program Files\\AGP Service" (normalized: "c:\\program files\\agp service")) returned 1 [0219.258] FindResourceExA (hModule=0x0, lpType=0xa, lpName=0x1, wLanguage=0x0) returned 0x422048 [0219.259] LoadResource (hModule=0x0, hResInfo=0x422048) returned 0x422058 [0219.260] SizeofResource (hModule=0x0, hResInfo=0x422048) returned 0x10808 [0219.261] LockResource (hResData=0x422058) returned 0x422058 [0219.295] GetVersionExW (in: lpVersionInformation=0x14d4f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d4f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0219.327] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x14d780 | out: pfEnabled=0x14d780) returned 0x0 [0220.050] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0220.224] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0220.312] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="Global\\{48fc9f6c-a1d6-42de-93fe-7ff2a24a16fa}") returned 0x2c8 [0220.328] CoTaskMemAlloc (cb=0x21) returned 0x1ae6f550 [0220.328] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x14d728 | out: phkResult=0x14d728*=0x2cc) returned 0x0 [0220.329] CoTaskMemFree (pv=0x1ae6f550) [0220.332] CoTaskMemAlloc (cb=0xd) returned 0x1ae85ce0 [0220.332] RegQueryValueExA (in: hKey=0x2cc, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x14d6ec, lpData=0x0, lpcbData=0x14d6e8*=0x0 | out: lpType=0x14d6ec*=0x1, lpData=0x0, lpcbData=0x14d6e8*=0x25) returned 0x0 [0220.332] CoTaskMemFree (pv=0x1ae85ce0) [0220.332] CoTaskMemFree (pv=0x0) [0220.332] CoTaskMemAlloc (cb=0xd) returned 0x1ae86020 [0220.332] CoTaskMemAlloc (cb=0x29) returned 0x5e31e0 [0220.333] RegQueryValueExA (in: hKey=0x2cc, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x14d6ec, lpData=0x5e31e0, lpcbData=0x14d6e8*=0x25 | out: lpType=0x14d6ec*=0x1, lpData="03845cb8-7441-4a2f-8c0f-c90408af5778", lpcbData=0x14d6e8*=0x25) returned 0x0 [0220.333] CoTaskMemFree (pv=0x1ae86020) [0220.333] CoTaskMemFree (pv=0x5e31e0) [0220.334] RegCloseKey (hKey=0x2cc) returned 0x0 [0220.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6f8 | out: phkResult=0x14d6f8*=0x2cc) returned 0x0 [0220.337] RegQueryValueExW (in: hKey=0x2cc, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x14d67c, lpData=0x0, lpcbData=0x14d678*=0x0 | out: lpType=0x14d67c*=0x4, lpData=0x0, lpcbData=0x14d678*=0x4) returned 0x0 [0220.337] RegQueryValueExW (in: hKey=0x2cc, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x14d680, lpData=0x14d67c, lpcbData=0x14d678*=0x4 | out: lpType=0x14d680*=0x4, lpData=0x14d67c*=0x1, lpcbData=0x14d678*=0x4) returned 0x0 [0220.379] GetVersionExW (in: lpVersionInformation=0x14d5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0220.382] GetCurrentProcess () returned 0xffffffffffffffff [0220.383] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d668 | out: TokenHandle=0x14d668*=0x2d0) returned 1 [0220.387] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d588 | out: TokenInformation=0x0, ReturnLength=0x14d588) returned 0 [0220.388] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5ee160 [0220.388] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x5ee160, TokenInformationLength=0x4, ReturnLength=0x14d588 | out: TokenInformation=0x5ee160, ReturnLength=0x14d588) returned 1 [0220.395] DuplicateTokenEx (in: hExistingToken=0x2d0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d6e8 | out: phNewToken=0x14d6e8*=0x2d4) returned 1 [0220.395] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d588 | out: TokenInformation=0x0, ReturnLength=0x14d588) returned 0 [0220.395] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5ee2e0 [0220.395] GetTokenInformation (in: TokenHandle=0x2d0, TokenInformationClass=0x8, TokenInformation=0x5ee2e0, TokenInformationLength=0x4, ReturnLength=0x14d588 | out: TokenInformation=0x5ee2e0, ReturnLength=0x14d588) returned 1 [0220.396] CheckTokenMembership (in: TokenHandle=0x2d4, SidToCheck=0x271d720*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14d6f8 | out: IsMember=0x14d6f8) returned 1 [0220.396] CloseHandle (hObject=0x2d4) returned 1 [0220.414] GetCurrentProcess () returned 0xffffffffffffffff [0220.472] CoTaskMemAlloc (cb=0x20c) returned 0x5fe180 [0220.472] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5fe180 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0220.473] CoTaskMemFree (pv=0x5fe180) [0220.473] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0220.475] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", lpFilePart=0x0) returned 0x4a [0220.476] SetErrorMode (uMode=0x1) returned 0x0 [0220.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5f456f1, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe5f91b8d, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f91b8d, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0220.478] SetErrorMode (uMode=0x0) returned 0x1 [0220.478] SetErrorMode (uMode=0x1) returned 0x0 [0220.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe5f456f1, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f456f1, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0220.479] SetErrorMode (uMode=0x0) returned 0x1 [0220.479] SetErrorMode (uMode=0x1) returned 0x0 [0220.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0220.479] SetErrorMode (uMode=0x0) returned 0x1 [0220.479] SetErrorMode (uMode=0x1) returned 0x0 [0220.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xb510ab5, ftLastAccessTime.dwHighDateTime=0x1d8a906, ftLastWriteTime.dwLowDateTime=0xb510ab5, ftLastWriteTime.dwHighDateTime=0x1d8a906, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0220.479] SetErrorMode (uMode=0x0) returned 0x1 [0220.479] SetErrorMode (uMode=0x1) returned 0x0 [0220.479] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x14d480 | out: lpFileInformation=0x14d480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0220.479] SetErrorMode (uMode=0x0) returned 0x1 [0220.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52 [0220.495] SetErrorMode (uMode=0x1) returned 0x0 [0220.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d560 | out: lpFileInformation=0x14d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5f91b8d, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe5f91b8d, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f91b8d, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x8)) returned 1 [0220.498] SetErrorMode (uMode=0x0) returned 0x1 [0220.505] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52 [0220.505] SetErrorMode (uMode=0x1) returned 0x0 [0220.507] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d4 [0220.507] GetFileType (hFile=0x2d4) returned 0x1 [0220.508] SetErrorMode (uMode=0x0) returned 0x1 [0220.508] GetFileType (hFile=0x2d4) returned 0x1 [0220.508] GetFileSize (in: hFile=0x2d4, lpFileSizeHigh=0x14d6d8 | out: lpFileSizeHigh=0x14d6d8*=0x0) returned 0x8 [0220.509] ReadFile (in: hFile=0x2d4, lpBuffer=0x271ffc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5b8, lpOverlapped=0x0 | out: lpBuffer=0x271ffc8*, lpNumberOfBytesRead=0x14d5b8*=0x8, lpOverlapped=0x0) returned 1 [0220.511] CloseHandle (hObject=0x2d4) returned 1 [0220.549] CoTaskMemAlloc (cb=0x20c) returned 0x5fdf60 [0220.549] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5fdf60 | out: pszPath="C:\\Program Files") returned 0x0 [0220.550] CoTaskMemFree (pv=0x5fdf60) [0220.550] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x14d310, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0220.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", lpFilePart=0x0) returned 0x5d [0220.576] SetErrorMode (uMode=0x1) returned 0x0 [0220.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\exceptions\\1.2.2.0"), fInfoLevelId=0x0, lpFileInformation=0x14d640 | out: lpFileInformation=0x14d640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.578] SetErrorMode (uMode=0x0) returned 0x1 [0220.634] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d7b8 | out: phkResult=0x14d7b8*=0x2d4) returned 0x0 [0220.635] RegQueryValueExW (in: hKey=0x2d4, lpValueName="AGP Service", lpReserved=0x0, lpType=0x14d73c, lpData=0x0, lpcbData=0x14d738*=0x0 | out: lpType=0x14d73c*=0x1, lpData=0x0, lpcbData=0x14d738*=0x50) returned 0x0 [0220.635] CoTaskMemAlloc (cb=0x54) returned 0x1ae96710 [0220.635] RegQueryValueExW (in: hKey=0x2d4, lpValueName="AGP Service", lpReserved=0x0, lpType=0x14d70c, lpData=0x1ae96710, lpcbData=0x14d708*=0x50 | out: lpType=0x14d70c*=0x1, lpData="C:\\Program Files\\AGP Service\\agpsvc.exe", lpcbData=0x14d708*=0x50) returned 0x0 [0220.635] CoTaskMemFree (pv=0x1ae96710) [0220.719] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d230, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0220.726] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe.config", lpFilePart=0x0) returned 0x2e [0220.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0220.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0220.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0220.841] SetErrorMode (uMode=0x1) returned 0x0 [0220.841] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0220.842] GetFileType (hFile=0x2f4) returned 0x1 [0220.842] SetErrorMode (uMode=0x0) returned 0x1 [0220.842] GetFileType (hFile=0x2f4) returned 0x1 [0221.186] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14d3e8 | out: lpFileSizeHigh=0x14d3e8*=0x0) returned 0x65b3 [0221.187] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d308, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d308*=0x1000, lpOverlapped=0x0) returned 1 [0221.958] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x1000, lpOverlapped=0x0) returned 1 [0222.004] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x1000, lpOverlapped=0x0) returned 1 [0222.004] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x1000, lpOverlapped=0x0) returned 1 [0222.004] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x1000, lpOverlapped=0x0) returned 1 [0222.008] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x1000, lpOverlapped=0x0) returned 1 [0222.008] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d248, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d248*=0x5b3, lpOverlapped=0x0) returned 1 [0222.009] ReadFile (in: hFile=0x2f4, lpBuffer=0x272ad68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d3b8, lpOverlapped=0x0 | out: lpBuffer=0x272ad68*, lpNumberOfBytesRead=0x14d3b8*=0x0, lpOverlapped=0x0) returned 1 [0222.013] CloseHandle (hObject=0x2f4) returned 1 [0222.016] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe.config", lpFilePart=0x0) returned 0x2e [0222.016] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe.config", lpFilePart=0x0) returned 0x2e [0222.016] SetErrorMode (uMode=0x1) returned 0x0 [0222.016] CreateFileW (lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config" (normalized: "c:\\program files\\agp service\\agpsvc.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0222.121] SetErrorMode (uMode=0x0) returned 0x1 [0222.125] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14d300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0222.161] CoTaskMemAlloc (cb=0x39) returned 0x1aea3420 [0222.161] DeleteFileA (lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe:Zone.Identifier" (normalized: "c:\\program files\\agp service\\agpsvc.exe:zone.identifier")) returned 0 [0222.162] CoTaskMemFree (pv=0x1aea3420) [0222.261] GetSystemInfo (in: lpSystemInfo=0x14c840 | out: lpSystemInfo=0x14c840*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0222.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56 [0222.371] SetErrorMode (uMode=0x1) returned 0x0 [0222.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d3f0 | out: lpFileInformation=0x14d3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1962fe2, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xf1962fe2, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xf1962fe2, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0222.373] SetErrorMode (uMode=0x0) returned 0x1 [0222.373] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56 [0222.373] SetErrorMode (uMode=0x1) returned 0x0 [0222.373] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0222.373] GetFileType (hFile=0x320) returned 0x1 [0222.373] SetErrorMode (uMode=0x0) returned 0x1 [0222.374] GetFileType (hFile=0x320) returned 0x1 [0222.374] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x14d568 | out: lpFileSizeHigh=0x14d568*=0x0) returned 0xa0 [0222.374] ReadFile (in: hFile=0x320, lpBuffer=0x27536b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d448, lpOverlapped=0x0 | out: lpBuffer=0x27536b8*, lpNumberOfBytesRead=0x14d448*=0xa0, lpOverlapped=0x0) returned 1 [0222.377] CloseHandle (hObject=0x320) returned 1 [0222.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", lpFilePart=0x0) returned 0x56 [0222.485] SetErrorMode (uMode=0x1) returned 0x0 [0222.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\storage.dat"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2c76133, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xf2c76133, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xf2cc248f, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x93418)) returned 1 [0222.486] SetErrorMode (uMode=0x0) returned 0x1 [0222.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", nBufferLength=0x105, lpBuffer=0x14cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", lpFilePart=0x0) returned 0x56 [0222.486] SetErrorMode (uMode=0x1) returned 0x0 [0222.486] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\storage.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0222.486] GetFileType (hFile=0x320) returned 0x1 [0222.486] SetErrorMode (uMode=0x0) returned 0x1 [0222.487] GetFileType (hFile=0x320) returned 0x1 [0222.487] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x14d548 | out: lpFileSizeHigh=0x14d548*=0x0) returned 0x93418 [0222.489] ReadFile (in: hFile=0x320, lpBuffer=0x126b6ff8, nNumberOfBytesToRead=0x93418, lpNumberOfBytesRead=0x14d428, lpOverlapped=0x0 | out: lpBuffer=0x126b6ff8*, lpNumberOfBytesRead=0x14d428*=0x93418, lpOverlapped=0x0) returned 1 [0222.516] CloseHandle (hObject=0x320) returned 1 [0222.990] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e00, lpName=0x0) returned 0x320 [0223.188] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0223.188] SetErrorMode (uMode=0x1) returned 0x0 [0223.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x14d5d0 | out: lpFileInformation=0x14d5d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6ad55b8, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xf6ad55b8, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xf6ad55b8, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x8)) returned 1 [0223.189] SetErrorMode (uMode=0x0) returned 0x1 [0223.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0223.189] SetErrorMode (uMode=0x1) returned 0x0 [0223.189] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0223.189] GetFileType (hFile=0x320) returned 0x1 [0223.189] SetErrorMode (uMode=0x0) returned 0x1 [0223.189] GetFileType (hFile=0x320) returned 0x1 [0223.189] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x14d748 | out: lpFileSizeHigh=0x14d748*=0x0) returned 0x8 [0223.190] ReadFile (in: hFile=0x320, lpBuffer=0x27c03a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d628, lpOverlapped=0x0 | out: lpBuffer=0x27c03a0*, lpNumberOfBytesRead=0x14d628*=0x8, lpOverlapped=0x0) returned 1 [0223.192] CloseHandle (hObject=0x320) returned 1 [0223.302] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x13200, lpName=0x0) returned 0x33c [0223.559] CoTaskMemAlloc (cb=0x204) returned 0x1ae83300 [0223.559] GetUserNameW (in: lpBuffer=0x1ae83300, pcbBuffer=0x14c9e8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x14c9e8) returned 1 [0223.572] CoTaskMemFree (pv=0x1ae83300) [0223.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", nBufferLength=0x105, lpBuffer=0x14c600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", lpFilePart=0x0) returned 0x5c [0223.630] SetErrorMode (uMode=0x1) returned 0x0 [0223.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe864ff66, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe864ff66, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe864ff66, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0223.633] SetErrorMode (uMode=0x0) returned 0x1 [0223.633] SetErrorMode (uMode=0x1) returned 0x0 [0223.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe864ff66, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe864ff66, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe864ff66, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0223.633] SetErrorMode (uMode=0x0) returned 0x1 [0223.633] SetErrorMode (uMode=0x1) returned 0x0 [0223.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5f456f1, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe5f91b8d, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f91b8d, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0223.633] SetErrorMode (uMode=0x0) returned 0x1 [0223.633] SetErrorMode (uMode=0x1) returned 0x0 [0223.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe5f456f1, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xe5f456f1, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0223.634] SetErrorMode (uMode=0x0) returned 0x1 [0223.634] SetErrorMode (uMode=0x1) returned 0x0 [0223.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0223.634] SetErrorMode (uMode=0x0) returned 0x1 [0223.634] SetErrorMode (uMode=0x1) returned 0x0 [0223.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xb510ab5, ftLastAccessTime.dwHighDateTime=0x1d8a906, ftLastWriteTime.dwLowDateTime=0xb510ab5, ftLastWriteTime.dwHighDateTime=0x1d8a906, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0223.634] SetErrorMode (uMode=0x0) returned 0x1 [0223.634] SetErrorMode (uMode=0x1) returned 0x0 [0223.634] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x14c720 | out: lpFileInformation=0x14c720*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0223.634] SetErrorMode (uMode=0x0) returned 0x1 [0223.717] SetErrorMode (uMode=0x1) returned 0x0 [0223.717] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config" (normalized: "c:\\program files\\agp service\\agpsvc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x143650 | out: lpFileInformation=0x143650*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0223.717] SetErrorMode (uMode=0x0) returned 0x1 [0223.763] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3000, lpName=0x0) returned 0x2d4 [0224.072] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x14c900 | out: lpdwProcessId=0x14c900) returned 0x860 [0224.072] GetCurrentThreadId () returned 0x860 [0224.081] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0224.081] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x301b4 [0224.085] SetWindowLongPtrW (hWnd=0x301b4, nIndex=-4, dwNewLong=0x7ffb8a544a40) returned 0x216079c [0224.085] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-4) returned 0x7ffb8a544a40 [0224.086] SetWindowLongPtrW (hWnd=0x301b4, nIndex=-4, dwNewLong=0x216698c) returned 0x7ffb8a544a40 [0224.086] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-4) returned 0x216698c [0224.086] GetWindowLongPtrW (hWnd=0x301b4, nIndex=-16) returned 0x4c00000 [0224.088] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x24, wParam=0x0, lParam=0x14bfc0) returned 0x0 [0224.088] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x81, wParam=0x0, lParam=0x14bf40) returned 0x1 [0224.090] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x83, wParam=0x0, lParam=0x14bfe0) returned 0x0 [0224.091] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x1, wParam=0x0, lParam=0x14bf40) returned 0x0 [0224.097] CoTaskMemAlloc (cb=0x10) returned 0x1ae996a0 [0224.097] RegisterRawInputDevices (pRawInputDevices=0x1ae996a0, uiNumDevices=0x1, cbSize=0x10) returned 1 [0224.098] CoTaskMemFree (pv=0x1ae996a0) [0224.124] SetClipboardViewer (hWndNewViewer=0x301b4) returned 0x0 [0224.175] SendMessageA (hWnd=0x0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0224.175] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0224.190] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc200, lpName=0x0) returned 0x2d4 [0224.286] GetLastInputInfo (in: plii=0x14ca40 | out: plii=0x14ca40*(cbSize=0x8, dwTime=0x11c9b)) returned 1 [0224.288] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xc800, lpName=0x0) returned 0x2d4 [0224.321] CoTaskMemAlloc (cb=0xe) returned 0x1ae85f80 [0224.321] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x7ffb8a1b0000 [0224.321] CoTaskMemFree (pv=0x1ae85f80) [0224.327] CoTaskMemAlloc (cb=0x10) returned 0x1ae86060 [0224.327] GetProcAddress (hModule=0x7ffb8a1b0000, lpProcName="IsWow64Process") returned 0x7ffb8a1d4850 [0224.327] CoTaskMemFree (pv=0x1ae86060) [0224.333] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5a00, lpName=0x0) returned 0x2d4 [0224.341] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe400, lpName=0x0) returned 0x2d4 [0224.362] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x9200, lpName=0x0) returned 0x36c [0224.371] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28600, lpName=0x0) returned 0x36c [0224.539] SetProcessDPIAware () returned 1 [0224.541] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xe400, lpName=0x0) returned 0x36c [0224.734] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x89a00, lpName=0x0) returned 0x36c [0224.927] CoCreateGuid (in: pguid=0x14d8f0 | out: pguid=0x14d8f0*(Data1=0x9aa31bfc, Data2=0x1e8b, Data3=0x475e, Data4=([0]=0xa2, [1]=0xf4, [2]=0x5f, [3]=0x61, [4]=0xa7, [5]=0xac, [6]=0x63, [7]=0x74))) returned 0x0 [0225.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x14c778 | out: phkResult=0x14c778*=0x370) returned 0x0 [0225.027] RegQueryValueExW (in: hKey=0x370, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c6fc, lpData=0x0, lpcbData=0x14c6f8*=0x0 | out: lpType=0x14c6fc*=0x1, lpData=0x0, lpcbData=0x14c6f8*=0xe) returned 0x0 [0225.027] CoTaskMemAlloc (cb=0x12) returned 0x1aea0c30 [0225.027] RegQueryValueExW (in: hKey=0x370, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c6cc, lpData=0x1aea0c30, lpcbData=0x14c6c8*=0xe | out: lpType=0x14c6cc*=0x1, lpData="Client", lpcbData=0x14c6c8*=0xe) returned 0x0 [0225.027] CoTaskMemFree (pv=0x1aea0c30) [0225.028] RegCloseKey (hKey=0x370) returned 0x0 [0225.040] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0225.040] IsWindowUnicode (hWnd=0x301b4) returned 1 [0225.040] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0225.040] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0225.040] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0225.040] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0225.040] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0225.043] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0225.043] WaitMessage () returned 1 [0233.508] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0233.508] IsWindowUnicode (hWnd=0x5013e) returned 1 [0233.508] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0233.508] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0233.508] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0233.516] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0233.516] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0233.516] WaitMessage () returned 1 [0233.943] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0233.943] IsWindowUnicode (hWnd=0x5013e) returned 1 [0233.943] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0233.943] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0233.943] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0233.944] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0233.944] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0233.944] WaitMessage () returned 1 [0294.883] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0294.884] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x1a, wParam=0x0, lParam=0x14e8f8) returned 0x0 [0294.885] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0294.885] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x1a, wParam=0x0, lParam=0x14e8f8) returned 0x0 [0294.885] WaitMessage () returned 1 [0294.885] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 1 [0294.888] lstrlenW (lpString="devices") returned 7 [0294.890] CoTaskMemAlloc (cb=0x12) returned 0x1af5b5c0 [0294.890] lstrcpyW (in: lpString1=0x1af5b5c0, lpString2="devices" | out: lpString1="devices") returned="devices" [0294.890] CoTaskMemFree (pv=0x1af5b5c0) [0294.891] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1af5b680 [0294.892] RtlMoveMemory (in: Destination=0x1af5b680, Source=0x293f700, Length=0x10 | out: Destination=0x1af5b680) [0294.894] PostMessageW (hWnd=0x40032, Msg=0x201a, wParam=0x0, lParam=0x1af5b680) returned 1 [0294.895] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x1a, wParam=0x0, lParam=0x14e8f8) returned 0x0 [0294.901] IsWindowUnicode (hWnd=0x40032) returned 1 [0294.901] GetMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x14ea90) returned 1 [0294.901] TranslateMessage (lpMsg=0x14eaa0) returned 0 [0294.901] DispatchMessageW (lpMsg=0x14eaa0) returned 0x0 [0294.902] lstrlenW (lpString="devices") returned 7 [0294.902] CoTaskMemAlloc (cb=0x12) returned 0x1af5b640 [0294.902] lstrcpyW (in: lpString1=0x1af5b640, lpString2="devices" | out: lpString1="devices") returned="devices" [0294.902] CoTaskMemFree (pv=0x1af5b640) [0294.902] lstrlenW (lpString="devices") returned 7 [0294.902] CoTaskMemAlloc (cb=0x12) returned 0x1af5b4e0 [0294.902] lstrcpyW (in: lpString1=0x1af5b4e0, lpString2="devices" | out: lpString1="devices") returned="devices" [0294.902] CoTaskMemFree (pv=0x1af5b4e0) [0294.902] lstrlenW (lpString="devices") returned 7 [0294.902] CoTaskMemAlloc (cb=0x12) returned 0x1af5b140 [0294.902] lstrcpyW (in: lpString1=0x1af5b140, lpString2="devices" | out: lpString1="devices") returned="devices" [0294.902] CoTaskMemFree (pv=0x1af5b140) [0294.903] lstrlenW (lpString="devices") returned 7 [0294.903] CoTaskMemAlloc (cb=0x12) returned 0x1af5b640 [0294.903] lstrcpyW (in: lpString1=0x1af5b640, lpString2="devices" | out: lpString1="devices") returned="devices" [0294.903] CoTaskMemFree (pv=0x1af5b640) [0294.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0294.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0294.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x14dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0294.931] SetErrorMode (uMode=0x1) returned 0x0 [0294.931] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe" (normalized: "c:\\program files\\agp service\\agpsvc.exe"), fInfoLevelId=0x0, lpFileInformation=0x14ded0 | out: lpFileInformation=0x14ded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe628fc23, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xe628fc23, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xb5013b00, ftLastWriteTime.dwHighDateTime=0x1d8a8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2d600)) returned 1 [0294.932] SetErrorMode (uMode=0x0) returned 0x1 [0294.934] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\AGP Service\\agpsvc.exe", lpdwHandle=0x14e140 | out: lpdwHandle=0x14e140) returned 0x0 [0294.962] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\ClientLoaderForm\\ClientLoaderForm\\1.0.0.0", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e1e8 | out: phkResult=0x14e1e8*=0x0) returned 0x2 [0295.059] GetWindowThreadProcessId (in: hWnd=0x5013c, lpdwProcessId=0x14e0b0 | out: lpdwProcessId=0x14e0b0) returned 0x860 [0295.059] GetCurrentThreadId () returned 0x860 [0295.113] LocalFree (hMem=0x1af5b680) returned 0x0 [0295.113] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x201a, wParam=0x0, lParam=0x1af5b680) returned 0x0 [0295.113] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.113] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.123] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x1a, wParam=0x0, lParam=0x14e8f8) returned 0x0 [0295.167] SystemParametersInfoW (in: uiAction=0x26, uiParam=0x0, pvParam=0x14e3d0, fWinIni=0x0 | out: pvParam=0x14e3d0) returned 1 [0295.173] WaitMessage () returned 1 [0295.207] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.207] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.207] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.207] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.208] WaitMessage () returned 1 [0295.208] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.208] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.212] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.212] WaitMessage () returned 1 [0295.228] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.228] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.232] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.237] WaitMessage () returned 1 [0295.498] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.498] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x301b4, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.499] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.499] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x3018c, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.499] WaitMessage () returned 1 [0295.499] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.499] NtdllDefWindowProc_W (hWnd=0x40032, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.505] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.505] WaitMessage () returned 1 [0295.519] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.521] PeekMessageW (in: lpMsg=0x14ea90, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x14ea90) returned 0 [0295.521] CallWindowProcW (lpPrevWndFunc=0x7ffb8a544a40, hWnd=0x5013e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0295.523] WaitMessage () Thread: id = 12 os_tid = 0x748 Thread: id = 13 os_tid = 0x8c8 Thread: id = 14 os_tid = 0x868 [0210.061] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0223.666] CloseHandle (hObject=0x2d0) returned 1 [0223.667] RegCloseKey (hKey=0x2cc) returned 0x0 [0223.668] RegCloseKey (hKey=0x2d4) returned 0x0 [0223.669] LocalFree (hMem=0x5ee2e0) returned 0x0 [0223.669] LocalFree (hMem=0x5ee160) returned 0x0 [0228.394] CloseHandle (hObject=0x3c0) returned 1 [0228.394] CloseHandle (hObject=0x39c) returned 1 [0228.394] CloseHandle (hObject=0x3bc) returned 1 [0228.395] CloseHandle (hObject=0x3b8) returned 1 [0228.395] CloseHandle (hObject=0x394) returned 1 [0228.398] CloseHandle (hObject=0x3b4) returned 1 [0229.764] CloseHandle (hObject=0x3dc) returned 1 [0229.764] CloseHandle (hObject=0x3d8) returned 1 [0229.765] CloseHandle (hObject=0x3b4) returned 1 [0229.765] CloseHandle (hObject=0x394) returned 1 [0240.580] CoGetContextToken (in: pToken=0x1ae5f710 | out: pToken=0x1ae5f710) returned 0x0 [0240.580] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0240.580] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x0 [0240.580] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0240.580] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x0 [0240.581] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0240.581] IUnknown:Release (This=0x1af56cb0) returned 0x1 [0240.581] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0240.581] IUnknown:Release (This=0x1af5a2e0) returned 0x1 [0240.581] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0240.581] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x0 [0240.643] IUnknown:Release (This=0x1af5a2e0) returned 0x0 [0240.672] CoGetContextToken (in: pToken=0x1ae5f540 | out: pToken=0x1ae5f540) returned 0x0 [0240.672] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x1 [0240.672] IUnknown:Release (This=0x1ae83650) returned 0x0 [0240.675] CloseHandle (hObject=0x470) returned 1 [0241.025] CoGetContextToken (in: pToken=0x1ae5f710 | out: pToken=0x1ae5f710) returned 0x0 [0241.025] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0241.025] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x1 [0241.026] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x0 [0241.026] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0241.026] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x1 [0241.026] WbemLocator:IUnknown:Release (This=0x1c086800) returned 0x0 [0241.027] IUnknown:Release (This=0x1af56cb0) returned 0x0 [0241.028] CoGetContextToken (in: pToken=0x1ae5f540 | out: pToken=0x1ae5f540) returned 0x0 [0241.028] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x1 [0241.028] IUnknown:Release (This=0x1af27750) returned 0x0 [0241.030] CoGetContextToken (in: pToken=0x1ae5f540 | out: pToken=0x1ae5f540) returned 0x0 [0241.030] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x1 [0241.030] IUnknown:Release (This=0x5f9210) returned 0x0 [0241.032] CloseHandle (hObject=0x4bc) returned 1 [0241.032] CloseHandle (hObject=0x51c) returned 1 [0243.116] CoGetContextToken (in: pToken=0x1ae5f710 | out: pToken=0x1ae5f710) returned 0x0 [0243.116] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0243.116] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x1 [0243.116] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x0 [0243.116] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0243.116] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x1 [0243.116] WbemLocator:IUnknown:Release (This=0x1c0854e0) returned 0x0 [0243.119] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0243.119] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x1 [0243.119] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x0 [0243.119] CoGetContextToken (in: pToken=0x1ae5f630 | out: pToken=0x1ae5f630) returned 0x0 [0243.119] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x1 [0243.119] WbemLocator:IUnknown:Release (This=0x1c084fd0) returned 0x0 Thread: id = 15 os_tid = 0x804 [0222.314] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0242.508] SetThreadExecutionState (esFlags=0xffffffff80000001) returned 0x80000000 [0262.532] SetThreadExecutionState (esFlags=0xffffffff80000001) returned 0x80000001 [0282.538] SetThreadExecutionState (esFlags=0xffffffff80000001) returned 0x80000001 [0302.546] SetThreadExecutionState (esFlags=0xffffffff80000001) returned 0x80000001 Thread: id = 16 os_tid = 0x81c [0223.205] CoGetContextToken (in: pToken=0x1bbafc10 | out: pToken=0x1bbafc10) returned 0x0 [0223.205] CObjectContext::QueryInterface () returned 0x0 [0223.205] CObjectContext::GetCurrentThreadType () returned 0x0 [0223.205] Release () returned 0x0 [0223.205] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 17 os_tid = 0x808 Thread: id = 18 os_tid = 0x788 [0224.392] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0224.903] GetForegroundWindow () returned 0x10080 [0224.977] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0224.994] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1be8e4f0 | out: lpLuid=0x1be8e4f0*(LowPart=0x14, HighPart=0)) returned 1 [0225.048] GetCurrentProcess () returned 0xffffffffffffffff [0225.049] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1be8e510 | out: TokenHandle=0x1be8e510*=0x394) returned 1 [0225.050] AdjustTokenPrivileges (in: TokenHandle=0x394, DisableAllPrivileges=0, NewState=0x27ced38*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0225.054] CloseHandle (hObject=0x394) returned 1 [0225.067] EnumProcesses (in: lpidProcess=0x27cfc20, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27cfc20, lpcbNeeded=0x1be8f460) returned 1 [0225.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a30, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a30, ResultLength=0x1be8f400*=0xfc88) returned 0x0 [0225.118] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0225.210] CoTaskMemAlloc (cb=0x204) returned 0x1ae78c70 [0225.210] GetWindowTextW (in: hWnd=0x10080, lpString=0x1ae78c70, nMaxCount=256 | out: lpString="") returned 0 [0225.210] CoTaskMemFree (pv=0x1ae78c70) [0226.298] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config", nBufferLength=0x105, lpBuffer=0x1be8ebb0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe.config", lpFilePart=0x0) returned 0x2e [0226.299] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1be8eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0226.731] GetCurrentProcess () returned 0xffffffffffffffff [0226.731] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ec78 | out: TokenHandle=0x1be8ec78*=0x394) returned 1 [0226.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1be8e8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0226.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1be8ed20 | out: lpFileInformation=0x1be8ed20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe007f322, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdda88158, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe842278f, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0226.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1be8e870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0226.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1be8ecd0 | out: lpFileInformation=0x1be8ecd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe007f322, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdda88158, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe842278f, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0226.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1be8e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0226.857] SetErrorMode (uMode=0x1) returned 0x0 [0226.857] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x39c [0226.858] GetFileType (hFile=0x39c) returned 0x1 [0226.858] SetErrorMode (uMode=0x0) returned 0x1 [0226.858] GetFileType (hFile=0x39c) returned 0x1 [0226.869] GetFileSize (in: hFile=0x39c, lpFileSizeHigh=0x1be8ecc8 | out: lpFileSizeHigh=0x1be8ecc8*=0x0) returned 0x65b3 [0226.870] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8ebe8, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0227.185] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e8c8, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e8c8*=0x1000, lpOverlapped=0x0) returned 1 [0227.191] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e718, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e718*=0x1000, lpOverlapped=0x0) returned 1 [0227.191] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e718, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e718*=0x1000, lpOverlapped=0x0) returned 1 [0227.192] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e718, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e718*=0x1000, lpOverlapped=0x0) returned 1 [0227.795] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e868, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e868*=0x1000, lpOverlapped=0x0) returned 1 [0227.796] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e688, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e688*=0x5b3, lpOverlapped=0x0) returned 1 [0227.796] ReadFile (in: hFile=0x39c, lpBuffer=0x27f1770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1be8e838, lpOverlapped=0x0 | out: lpBuffer=0x27f1770*, lpNumberOfBytesRead=0x1be8e838*=0x0, lpOverlapped=0x0) returned 1 [0227.799] CloseHandle (hObject=0x39c) returned 1 [0227.813] GetCurrentProcess () returned 0xffffffffffffffff [0227.813] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8eec8 | out: TokenHandle=0x1be8eec8*=0x39c) returned 1 [0227.831] GetCurrentProcess () returned 0xffffffffffffffff [0227.832] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8eec8 | out: TokenHandle=0x1be8eec8*=0x3b4) returned 1 [0227.885] GetCurrentProcess () returned 0xffffffffffffffff [0227.885] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ec78 | out: TokenHandle=0x1be8ec78*=0x3b8) returned 1 [0227.886] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config" (normalized: "c:\\program files\\agp service\\agpsvc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1be8ed20 | out: lpFileInformation=0x1be8ed20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.887] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config", nBufferLength=0x105, lpBuffer=0x1be8e870, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe.config", lpFilePart=0x0) returned 0x2e [0227.889] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe.config" (normalized: "c:\\program files\\agp service\\agpsvc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1be8ecd0 | out: lpFileInformation=0x1be8ecd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.890] GetCurrentProcess () returned 0xffffffffffffffff [0227.890] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8eec8 | out: TokenHandle=0x1be8eec8*=0x3bc) returned 1 [0227.894] GetCurrentProcess () returned 0xffffffffffffffff [0227.894] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8eec8 | out: TokenHandle=0x1be8eec8*=0x3c0) returned 1 [0228.688] GetCurrentProcess () returned 0xffffffffffffffff [0228.688] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ebc8 | out: TokenHandle=0x1be8ebc8*=0x3b4) returned 1 [0229.273] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ebc8 | out: TokenHandle=0x1be8ebc8*=0x394) returned 1 [0229.311] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1be8f348 | out: lpWSAData=0x1be8f348) returned 0 [0229.325] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d8 [0229.364] setsockopt (s=0x3d8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0229.364] closesocket (s=0x3d8) returned 0 [0229.365] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d8 [0229.366] setsockopt (s=0x3d8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0229.366] closesocket (s=0x3d8) returned 0 [0229.377] GetCurrentProcess () returned 0xffffffffffffffff [0229.378] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ec58 | out: TokenHandle=0x1be8ec58*=0x3d8) returned 1 [0229.391] GetCurrentProcess () returned 0xffffffffffffffff [0229.391] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1be8ec58 | out: TokenHandle=0x1be8ec58*=0x3dc) returned 1 [0229.504] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1be8eb80, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0229.521] GetCurrentProcessId () returned 0x8cc [0229.528] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.529] GetComputerNameW (in: lpBuffer=0x1aec7280, nSize=0x287f140 | out: lpBuffer="XC64ZB", nSize=0x287f140) returned 1 [0229.529] CoTaskMemFree (pv=0x1aec7280) [0229.531] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1be8f0a8 | out: phkResult=0x1be8f0a8*=0x3e0) returned 0x0 [0229.532] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Library", lpReserved=0x0, lpType=0x1be8f00c, lpData=0x0, lpcbData=0x1be8f008*=0x0 | out: lpType=0x1be8f00c*=0x2, lpData=0x0, lpcbData=0x1be8f008*=0x48) returned 0x0 [0229.532] CoTaskMemAlloc (cb=0x4c) returned 0x1ae96650 [0229.532] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Library", lpReserved=0x0, lpType=0x1be8efdc, lpData=0x1ae96650, lpcbData=0x1be8efd8*=0x48 | out: lpType=0x1be8efdc*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x1be8efd8*=0x48) returned 0x0 [0229.532] CoTaskMemFree (pv=0x1ae96650) [0229.532] RegQueryValueExW (in: hKey=0x3e0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1be8f02c, lpData=0x0, lpcbData=0x1be8f028*=0x0 | out: lpType=0x1be8f02c*=0x4, lpData=0x0, lpcbData=0x1be8f028*=0x4) returned 0x0 [0229.532] RegQueryValueExW (in: hKey=0x3e0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1be8f030, lpData=0x1be8f02c, lpcbData=0x1be8f028*=0x4 | out: lpType=0x1be8f030*=0x4, lpData=0x1be8f02c*=0x1, lpcbData=0x1be8f028*=0x4) returned 0x0 [0229.533] RegQueryValueExW (in: hKey=0x3e0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1be8f02c, lpData=0x0, lpcbData=0x1be8f028*=0x0 | out: lpType=0x1be8f02c*=0x4, lpData=0x0, lpcbData=0x1be8f028*=0x4) returned 0x0 [0229.533] RegQueryValueExW (in: hKey=0x3e0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1be8f030, lpData=0x1be8f02c, lpcbData=0x1be8f028*=0x4 | out: lpType=0x1be8f030*=0x4, lpData=0x1be8f02c*=0x1770, lpcbData=0x1be8f028*=0x4) returned 0x0 [0229.533] RegCloseKey (hKey=0x3e0) returned 0x0 [0229.535] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1be8f068 | out: phkResult=0x1be8f068*=0x3e0) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1be8efec, lpData=0x0, lpcbData=0x1be8efe8*=0x0 | out: lpType=0x1be8efec*=0x4, lpData=0x0, lpcbData=0x1be8efe8*=0x4) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1be8eff0, lpData=0x1be8efec, lpcbData=0x1be8efe8*=0x4 | out: lpType=0x1be8eff0*=0x4, lpData=0x1be8efec*=0x3, lpcbData=0x1be8efe8*=0x4) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1be8efec, lpData=0x0, lpcbData=0x1be8efe8*=0x0 | out: lpType=0x1be8efec*=0x4, lpData=0x0, lpcbData=0x1be8efe8*=0x4) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1be8eff0, lpData=0x1be8efec, lpcbData=0x1be8efe8*=0x4 | out: lpType=0x1be8eff0*=0x4, lpData=0x1be8efec*=0x20000, lpcbData=0x1be8efe8*=0x4) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1be8efec, lpData=0x0, lpcbData=0x1be8efe8*=0x0 | out: lpType=0x1be8efec*=0x3, lpData=0x0, lpcbData=0x1be8efe8*=0xaa) returned 0x0 [0229.535] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1be8efec, lpData=0x28823a8, lpcbData=0x1be8efe8*=0xaa | out: lpType=0x1be8efec*=0x3, lpData=0x28823a8*, lpcbData=0x1be8efe8*=0xaa) returned 0x0 [0229.540] ConvertStringSecurityDescriptorToSecurityDescriptorW (in: StringSecurityDescriptor="D:(A;OICI;FRFWGRGW;;;AU)(A;OICI;FRFWGRGW;;;S-1-5-33)", StringSDRevision=0x1, SecurityDescriptor=0x1be8f000, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x1be8f000*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8004, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Group=0x30000200000014*(Revision=0x14, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x2, [3]=0x0, [4]=0x30, [5]=0x0), SubAuthority=0x2), Sacl=0x14030000000002*(AclRevision=0x2, Sbz1=0x0, AclSize=0x0, AceCount=0x300, Sbz2=0x14), Dacl=0x101c012019f*(AclRevision=0x9f, Sbz1=0x1, AclSize=0xc012, AceCount=0x101, Sbz2=0x0)), SecurityDescriptorSize=0x0) returned 1 [0229.546] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1be8efa0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e4 [0229.548] MapViewOfFile (hFileMappingObject=0x3e4, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1be90000 [0229.550] VirtualQuery (in: lpAddress=0x1be90000, lpBuffer=0x1be8ef98, dwLength=0x30 | out: lpBuffer=0x1be8ef98*(BaseAddress=0x1be90000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30 [0229.550] RegCloseKey (hKey=0x3e0) returned 0x0 [0229.551] GetVersionExW (in: lpVersionInformation=0x1be8df70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1be8df70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0229.551] GetVersionExW (in: lpVersionInformation=0x1be8df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1be8df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0229.551] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2882ef8, cbSid=0x1be8ef80 | out: pSid=0x2882ef8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef80) returned 1 [0229.552] CreateMutexW (lpMutexAttributes=0x2883100, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.555] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.555] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2883418, cbSid=0x1be8eee0 | out: pSid=0x2883418*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8eee0) returned 1 [0229.555] CreateMutexW (lpMutexAttributes=0x28835d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0229.557] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3e8 [0229.557] WaitForSingleObject (hHandle=0x3e8, dwMilliseconds=0x1f4) returned 0x0 [0229.558] ReleaseMutex (hMutex=0x3e8) returned 1 [0229.559] CloseHandle (hObject=0x3e8) returned 1 [0229.559] GetCurrentProcessId () returned 0x8cc [0229.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8cc) returned 0x0 [0229.565] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.565] CloseHandle (hObject=0x3e0) returned 1 [0229.565] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28842a8, cbSid=0x1be8ef80 | out: pSid=0x28842a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef80) returned 1 [0229.565] CreateMutexW (lpMutexAttributes=0x2884460, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.565] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.567] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.567] CloseHandle (hObject=0x3e0) returned 1 [0229.567] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2884f30, cbSid=0x1be8ef80 | out: pSid=0x2884f30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef80) returned 1 [0229.568] CreateMutexW (lpMutexAttributes=0x28850e8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.568] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.569] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.569] CloseHandle (hObject=0x3e0) returned 1 [0229.569] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2885bb0, cbSid=0x1be8ef80 | out: pSid=0x2885bb0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef80) returned 1 [0229.570] CreateMutexW (lpMutexAttributes=0x2885d68, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.570] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.571] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.571] CloseHandle (hObject=0x3e0) returned 1 [0229.571] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2886828, cbSid=0x1be8ef80 | out: pSid=0x2886828*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef80) returned 1 [0229.571] CreateMutexW (lpMutexAttributes=0x28869e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.571] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.572] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.572] CloseHandle (hObject=0x3e0) returned 1 [0229.575] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2887498, cbSid=0x1be8ef30 | out: pSid=0x2887498*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef30) returned 1 [0229.575] CreateMutexW (lpMutexAttributes=0x2887650, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.575] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.576] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.576] CloseHandle (hObject=0x3e0) returned 1 [0229.577] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2888120, cbSid=0x1be8ef30 | out: pSid=0x2888120*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef30) returned 1 [0229.577] CreateMutexW (lpMutexAttributes=0x28882d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.577] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.578] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.578] CloseHandle (hObject=0x3e0) returned 1 [0229.578] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2888d78, cbSid=0x1be8ef30 | out: pSid=0x2888d78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef30) returned 1 [0229.578] CreateMutexW (lpMutexAttributes=0x2888f30, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.579] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.579] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.579] CloseHandle (hObject=0x3e0) returned 1 [0229.580] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x28899e0, cbSid=0x1be8ef30 | out: pSid=0x28899e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef30) returned 1 [0229.580] CreateMutexW (lpMutexAttributes=0x2889b98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.580] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.581] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.581] CloseHandle (hObject=0x3e0) returned 1 [0229.581] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x288a640, cbSid=0x1be8ef30 | out: pSid=0x288a640*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1be8ef30) returned 1 [0229.581] CreateMutexW (lpMutexAttributes=0x288a7f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0 [0229.581] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0 [0229.582] ReleaseMutex (hMutex=0x3e0) returned 1 [0229.582] CloseHandle (hObject=0x3e0) returned 1 [0229.586] CoTaskMemAlloc (cb=0x22) returned 0x1ae6f5e0 [0229.587] getaddrinfo (in: pNodeName="trustedvpnconnection.anondns.net", pServiceName=0x0, pHints=0x1be8f420*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1be8f418 | out: ppResult=0x1be8f418*=0x1ae8d130*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="trustedvpnconnection.anondns.net", ai_addr=0x1ae736f0*(sa_family=2, sin_port=0x0, sin_addr="107.150.23.184"), ai_next=0x0)) returned 0 [0229.684] CoTaskMemFree (pv=0x1ae6f5e0) [0229.684] CoTaskMemFree (pv=0x0) [0229.686] FreeAddrInfoW (pAddrInfo=0x1ae8d130*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="牴獵整癤湰潣湮捥楴湯愮潮摮獮渮瑥", ai_addr=0x1ae736f0*(sa_family=2, sin_port=0x0, sin_addr="107.150.23.184"), ai_next=0x0)) [0229.732] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410 [0229.780] setsockopt (s=0x410, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0229.869] bind (s=0x410, addr=0x27e09a0*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0229.876] WSAIoctl (in: s=0x410, dwIoControlCode=0xc8000006, lpvInBuffer=0x1be8f378, cbInBuffer=0x10, lpvOutBuffer=0x1be8f370, cbOutBuffer=0x8, lpcbBytesReturned=0x1be8f368, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x1be8f370, lpcbBytesReturned=0x1be8f368, lpOverlapped=0x0) returned 0 [0229.949] ConnectEx (in: s=0x410, name=0x27e0748*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x1be8f448, lpOverlapped=0x27ce240 | out: lpdwBytesSent=0x1be8f448*=0x0) returned 0 [0229.951] GetForegroundWindow () returned 0x10080 [0229.951] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.951] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.951] CoTaskMemFree (pv=0x1aec7280) [0229.951] GetForegroundWindow () returned 0x10080 [0229.952] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.952] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.952] CoTaskMemFree (pv=0x1aec7280) [0230.032] GetForegroundWindow () returned 0x10080 [0230.032] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.032] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0230.033] CoTaskMemFree (pv=0x1aec7280) [0230.033] GetForegroundWindow () returned 0x100d4 [0230.034] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0230.034] EnumProcesses (in: lpidProcess=0x27e1760, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e1760, lpcbNeeded=0x1be8f450) returned 1 [0230.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xfaf8) returned 0x0 [0230.039] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0230.040] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.040] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aec7280, nMaxCount=256 | out: lpString="FolderView") returned 10 [0230.043] CoTaskMemFree (pv=0x1aec7280) [0230.103] GetForegroundWindow () returned 0x10080 [0230.103] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.103] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0230.104] CoTaskMemFree (pv=0x1aec7280) [0230.104] GetForegroundWindow () returned 0x10080 [0230.104] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0230.104] EnumProcesses (in: lpidProcess=0x27ffd80, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27ffd80, lpcbNeeded=0x1be8f450) returned 1 [0230.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f3f0*=0xfaa8) returned 0x0 [0230.106] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0230.106] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.106] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0230.107] CoTaskMemFree (pv=0x1aec7280) [0230.168] GetForegroundWindow () returned 0x10080 [0230.168] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.168] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0230.168] CoTaskMemFree (pv=0x1aec7280) [0230.169] GetForegroundWindow () returned 0x10080 [0230.169] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0230.169] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0230.169] CoTaskMemFree (pv=0x1aec7280) [0230.304] GetForegroundWindow () returned 0x100d4 [0230.304] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0230.304] EnumProcesses (in: lpidProcess=0x281e5b0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281e5b0, lpcbNeeded=0x1be8f460) returned 1 [0230.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xfaf8) returned 0x0 [0230.305] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0230.305] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.305] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0230.306] CoTaskMemFree (pv=0x1aeb8530) [0230.306] GetForegroundWindow () returned 0x10080 [0230.307] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.307] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.308] CoTaskMemFree (pv=0x1aeb8530) [0230.402] GetForegroundWindow () returned 0x10080 [0230.402] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0230.402] EnumProcesses (in: lpidProcess=0x283ccd8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x283ccd8, lpcbNeeded=0x1be8f460) returned 1 [0230.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xfa58) returned 0x0 [0230.404] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0230.404] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.404] CoTaskMemFree (pv=0x1aeb8530) [0230.405] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x14466)) returned 1 [0230.405] GetForegroundWindow () returned 0x10080 [0230.405] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.405] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.405] CoTaskMemFree (pv=0x1aeb8530) [0230.496] GetForegroundWindow () returned 0x10080 [0230.497] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.497] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.497] CoTaskMemFree (pv=0x1aeb8530) [0230.498] GetForegroundWindow () returned 0x100d4 [0230.498] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0230.498] EnumProcesses (in: lpidProcess=0x285b4c0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x285b4c0, lpcbNeeded=0x1be8f450) returned 1 [0230.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xfa58) returned 0x0 [0230.499] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0230.499] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.499] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0230.500] CoTaskMemFree (pv=0x1aeb8530) [0230.591] GetForegroundWindow () returned 0x10080 [0230.591] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.591] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.591] CoTaskMemFree (pv=0x1aeb8530) [0230.592] GetForegroundWindow () returned 0x10080 [0230.592] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0230.592] EnumProcesses (in: lpidProcess=0x28799c0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28799c0, lpcbNeeded=0x1be8f450) returned 1 [0230.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xfa58) returned 0x0 [0230.596] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0230.597] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.597] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.597] CoTaskMemFree (pv=0x1aeb8530) [0230.684] GetForegroundWindow () returned 0x10080 [0230.684] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.684] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.684] CoTaskMemFree (pv=0x1aeb8530) [0230.685] GetForegroundWindow () returned 0x10080 [0230.685] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.685] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.685] CoTaskMemFree (pv=0x1aeb8530) [0230.861] GetForegroundWindow () returned 0x100d4 [0230.861] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0230.861] EnumProcesses (in: lpidProcess=0x28b71d0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28b71d0, lpcbNeeded=0x1be8f460) returned 1 [0230.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800b98, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800b98, ResultLength=0x1be8f400*=0xfa58) returned 0x0 [0230.866] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0230.868] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.868] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0230.869] CoTaskMemFree (pv=0x1aeb8530) [0230.870] GetForegroundWindow () returned 0x10080 [0230.870] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0230.870] EnumProcesses (in: lpidProcess=0x28d5420, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28d5420, lpcbNeeded=0x1be8f450) returned 1 [0230.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820bc8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820bc8, ResultLength=0x1be8f3f0*=0xfa58) returned 0x0 [0230.871] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0230.871] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.871] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.872] CoTaskMemFree (pv=0x1aeb8530) [0231.057] GetForegroundWindow () returned 0x10080 [0231.057] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0231.057] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0231.057] CoTaskMemFree (pv=0x1aeb8530) [0231.058] GetForegroundWindow () returned 0x10080 [0231.058] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0231.058] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0231.059] CoTaskMemFree (pv=0x1aeb8530) [0231.261] GetForegroundWindow () returned 0x10080 [0231.261] CoTaskMemAlloc (cb=0x204) returned 0x1af1b0c0 [0231.261] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b0c0, nMaxCount=256 | out: lpString="") returned 0 [0231.262] CoTaskMemFree (pv=0x1af1b0c0) [0231.263] GetForegroundWindow () returned 0x100d4 [0231.263] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0231.263] EnumProcesses (in: lpidProcess=0x2912ec8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2912ec8, lpcbNeeded=0x1be8f450) returned 1 [0231.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12860c28, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12860c28, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0231.267] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0231.267] CoTaskMemAlloc (cb=0x204) returned 0x1af1c350 [0231.267] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c350, nMaxCount=256 | out: lpString="FolderView") returned 10 [0231.267] CoTaskMemFree (pv=0x1af1c350) [0231.588] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0231.589] GetForegroundWindow () returned 0x10080 [0231.589] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0231.589] EnumProcesses (in: lpidProcess=0x296d958, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x296d958, lpcbNeeded=0x1be8f460) returned 1 [0231.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c0cb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c0cb8, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0231.597] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0231.597] CoTaskMemAlloc (cb=0x204) returned 0x1af1b900 [0231.597] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b900, nMaxCount=256 | out: lpString="") returned 0 [0231.597] CoTaskMemFree (pv=0x1af1b900) [0231.598] GetForegroundWindow () returned 0x10080 [0231.598] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0231.598] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0231.598] CoTaskMemFree (pv=0x1af1c770) [0231.728] GetForegroundWindow () returned 0x10080 [0231.729] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0231.729] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0231.729] CoTaskMemFree (pv=0x1af1bb10) [0231.730] GetForegroundWindow () returned 0x10080 [0231.730] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0231.730] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0231.730] CoTaskMemFree (pv=0x1af1b6f0) [0231.884] GetForegroundWindow () returned 0x100d4 [0231.885] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0231.885] EnumProcesses (in: lpidProcess=0x27c3360, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c3360, lpcbNeeded=0x1be8f460) returned 1 [0231.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0231.890] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0231.890] CoTaskMemAlloc (cb=0x204) returned 0x1af1bf30 [0231.890] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1bf30, nMaxCount=256 | out: lpString="FolderView") returned 10 [0231.890] CoTaskMemFree (pv=0x1af1bf30) [0231.892] GetForegroundWindow () returned 0x10080 [0231.892] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0231.892] EnumProcesses (in: lpidProcess=0x27e1cc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e1cc8, lpcbNeeded=0x1be8f450) returned 1 [0231.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0231.896] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0231.896] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0231.897] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0231.897] CoTaskMemFree (pv=0x1af1c770) [0232.130] GetForegroundWindow () returned 0x10080 [0232.130] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0232.130] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0232.131] CoTaskMemFree (pv=0x1af1bb10) [0232.132] GetForegroundWindow () returned 0x10080 [0232.132] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0232.132] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0232.132] CoTaskMemFree (pv=0x1af1bb10) [0232.318] GetForegroundWindow () returned 0x10080 [0232.319] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0232.319] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0232.319] CoTaskMemFree (pv=0x1af1c560) [0232.320] GetForegroundWindow () returned 0x100d4 [0232.320] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0232.320] EnumProcesses (in: lpidProcess=0x2821a90, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2821a90, lpcbNeeded=0x1be8f450) returned 1 [0232.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0232.326] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0232.326] CoTaskMemAlloc (cb=0x204) returned 0x1af1c980 [0232.326] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c980, nMaxCount=256 | out: lpString="FolderView") returned 10 [0232.326] CoTaskMemFree (pv=0x1af1c980) [0232.485] GetForegroundWindow () returned 0x10080 [0232.485] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0232.485] EnumProcesses (in: lpidProcess=0x287be88, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x287be88, lpcbNeeded=0x1be8f460) returned 1 [0232.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xf968) returned 0x0 [0232.489] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0232.490] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0232.490] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0232.490] CoTaskMemFree (pv=0x1af1c770) [0232.491] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1464b)) returned 1 [0232.492] GetForegroundWindow () returned 0x10080 [0232.492] CoTaskMemAlloc (cb=0x204) returned 0x1af1c980 [0232.492] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c980, nMaxCount=256 | out: lpString="") returned 0 [0232.492] CoTaskMemFree (pv=0x1af1c980) [0232.667] GetForegroundWindow () returned 0x10080 [0232.667] CoTaskMemAlloc (cb=0x204) returned 0x1af1b4e0 [0232.667] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b4e0, nMaxCount=256 | out: lpString="") returned 0 [0232.667] CoTaskMemFree (pv=0x1af1b4e0) [0232.668] GetForegroundWindow () returned 0x10080 [0232.669] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0232.669] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0232.669] CoTaskMemFree (pv=0x1af1bb10) [0232.837] GetForegroundWindow () returned 0x100d4 [0232.838] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0232.838] EnumProcesses (in: lpidProcess=0x27c47a0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c47a0, lpcbNeeded=0x1be8f460) returned 1 [0232.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xf968) returned 0x0 [0232.839] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0232.839] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0232.839] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c770, nMaxCount=256 | out: lpString="FolderView") returned 10 [0232.840] CoTaskMemFree (pv=0x1af1c770) [0232.841] GetForegroundWindow () returned 0x10080 [0232.841] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0232.841] EnumProcesses (in: lpidProcess=0x27e3000, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e3000, lpcbNeeded=0x1be8f450) returned 1 [0232.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf968) returned 0x0 [0232.842] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0232.842] CoTaskMemAlloc (cb=0x204) returned 0x1af1cb90 [0232.842] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1cb90, nMaxCount=256 | out: lpString="") returned 0 [0232.843] CoTaskMemFree (pv=0x1af1cb90) [0233.026] GetForegroundWindow () returned 0x10080 [0233.026] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.026] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.026] CoTaskMemFree (pv=0x1af1bb10) [0233.027] GetForegroundWindow () returned 0x10080 [0233.027] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.027] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.027] CoTaskMemFree (pv=0x1af1bb10) [0233.249] GetForegroundWindow () returned 0x10080 [0233.249] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0233.249] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0233.249] CoTaskMemFree (pv=0x1af1b6f0) [0233.250] GetForegroundWindow () returned 0x100d4 [0233.250] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0233.251] EnumProcesses (in: lpidProcess=0x282db50, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x282db50, lpcbNeeded=0x1be8f450) returned 1 [0233.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f3f0*=0xf968) returned 0x0 [0233.254] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0233.254] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.254] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="FolderView") returned 10 [0233.254] CoTaskMemFree (pv=0x1af1bb10) [0233.418] GetForegroundWindow () returned 0x10080 [0233.419] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0233.419] EnumProcesses (in: lpidProcess=0x2888670, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2888670, lpcbNeeded=0x1be8f460) returned 1 [0233.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0233.420] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0233.420] CoTaskMemAlloc (cb=0x204) returned 0x1af1b4e0 [0233.420] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b4e0, nMaxCount=256 | out: lpString="") returned 0 [0233.421] CoTaskMemFree (pv=0x1af1b4e0) [0233.421] GetForegroundWindow () returned 0x10080 [0233.421] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.422] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.422] CoTaskMemFree (pv=0x1af1bb10) [0233.557] GetForegroundWindow () returned 0x10080 [0233.557] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.557] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.558] CoTaskMemFree (pv=0x1af1bb10) [0233.558] GetForegroundWindow () returned 0x10080 [0233.558] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0233.558] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0233.559] CoTaskMemFree (pv=0x1af1b6f0) [0233.641] GetForegroundWindow () returned 0x100d4 [0233.641] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0233.642] EnumProcesses (in: lpidProcess=0x28a8430, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28a8430, lpcbNeeded=0x1be8f460) returned 1 [0233.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0233.643] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0233.643] CoTaskMemAlloc (cb=0x204) returned 0x1af1b0c0 [0233.643] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1b0c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0233.644] CoTaskMemFree (pv=0x1af1b0c0) [0233.644] GetForegroundWindow () returned 0x10080 [0233.645] CoTaskMemAlloc (cb=0x204) returned 0x1af1b4e0 [0233.645] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b4e0, nMaxCount=256 | out: lpString="") returned 0 [0233.645] CoTaskMemFree (pv=0x1af1b4e0) [0233.822] GetForegroundWindow () returned 0x10080 [0233.822] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0233.822] EnumProcesses (in: lpidProcess=0x28c81d8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28c81d8, lpcbNeeded=0x1be8f460) returned 1 [0233.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12802b98, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12802b98, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0233.824] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0233.824] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.824] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.824] CoTaskMemFree (pv=0x1af1bb10) [0233.825] GetForegroundWindow () returned 0x10080 [0233.825] CoTaskMemAlloc (cb=0x204) returned 0x1af1b0c0 [0233.825] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b0c0, nMaxCount=256 | out: lpString="") returned 0 [0233.825] CoTaskMemFree (pv=0x1af1b0c0) [0233.953] GetForegroundWindow () returned 0x10080 [0233.953] CoTaskMemAlloc (cb=0x204) returned 0x1af1bd20 [0233.954] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bd20, nMaxCount=256 | out: lpString="") returned 0 [0233.954] CoTaskMemFree (pv=0x1af1bd20) [0233.954] GetForegroundWindow () returned 0x100d4 [0233.955] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0233.955] EnumProcesses (in: lpidProcess=0x28e7410, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28e7410, lpcbNeeded=0x1be8f450) returned 1 [0233.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12822bc8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12822bc8, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0233.957] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0233.957] CoTaskMemAlloc (cb=0x204) returned 0x1af1c980 [0233.957] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c980, nMaxCount=256 | out: lpString="FolderView") returned 10 [0233.957] CoTaskMemFree (pv=0x1af1c980) [0234.042] GetForegroundWindow () returned 0x10080 [0234.042] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0234.042] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0234.042] CoTaskMemFree (pv=0x1af1c770) [0234.043] GetForegroundWindow () returned 0x10080 [0234.043] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0234.043] EnumProcesses (in: lpidProcess=0x29056d0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29056d0, lpcbNeeded=0x1be8f450) returned 1 [0234.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12842bf8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12842bf8, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0234.046] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0234.046] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0234.046] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0234.046] CoTaskMemFree (pv=0x1af1c560) [0234.135] GetForegroundWindow () returned 0x10080 [0234.135] CoTaskMemAlloc (cb=0x204) returned 0x1af1bf30 [0234.135] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bf30, nMaxCount=256 | out: lpString="") returned 0 [0234.135] CoTaskMemFree (pv=0x1af1bf30) [0234.136] GetForegroundWindow () returned 0x10080 [0234.136] CoTaskMemAlloc (cb=0x204) returned 0x1af1c140 [0234.136] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c140, nMaxCount=256 | out: lpString="") returned 0 [0234.136] CoTaskMemFree (pv=0x1af1c140) [0234.229] GetForegroundWindow () returned 0x100d4 [0234.229] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0234.229] EnumProcesses (in: lpidProcess=0x29258e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x29258e0, lpcbNeeded=0x1be8f460) returned 1 [0234.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12862c28, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12862c28, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0234.230] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0234.230] CoTaskMemAlloc (cb=0x204) returned 0x1af1bf30 [0234.231] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1bf30, nMaxCount=256 | out: lpString="FolderView") returned 10 [0234.231] CoTaskMemFree (pv=0x1af1bf30) [0234.231] GetForegroundWindow () returned 0x10080 [0234.231] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0234.231] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0234.232] CoTaskMemFree (pv=0x1af1bb10) [0234.323] GetForegroundWindow () returned 0x10080 [0234.323] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0234.324] EnumProcesses (in: lpidProcess=0x29456e8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x29456e8, lpcbNeeded=0x1be8f460) returned 1 [0234.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12882c58, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12882c58, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0234.326] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0234.326] CoTaskMemAlloc (cb=0x204) returned 0x1af1b0c0 [0234.326] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b0c0, nMaxCount=256 | out: lpString="") returned 0 [0234.326] CoTaskMemFree (pv=0x1af1b0c0) [0234.327] GetForegroundWindow () returned 0x10080 [0234.327] CoTaskMemAlloc (cb=0x204) returned 0x1af1b2d0 [0234.327] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b2d0, nMaxCount=256 | out: lpString="") returned 0 [0234.327] CoTaskMemFree (pv=0x1af1b2d0) [0234.416] GetForegroundWindow () returned 0x10080 [0234.417] CoTaskMemAlloc (cb=0x204) returned 0x1af1bd20 [0234.417] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bd20, nMaxCount=256 | out: lpString="") returned 0 [0234.417] CoTaskMemFree (pv=0x1af1bd20) [0234.418] GetForegroundWindow () returned 0x100d4 [0234.418] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0234.418] EnumProcesses (in: lpidProcess=0x2963c48, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2963c48, lpcbNeeded=0x1be8f450) returned 1 [0234.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a2c88, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a2c88, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0234.420] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0234.420] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0234.420] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c560, nMaxCount=256 | out: lpString="FolderView") returned 10 [0234.420] CoTaskMemFree (pv=0x1af1c560) [0234.511] GetForegroundWindow () returned 0x10080 [0234.511] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0234.511] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0234.511] CoTaskMemFree (pv=0x1af1bb10) [0234.512] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1464b)) returned 1 [0234.513] GetForegroundWindow () returned 0x10080 [0234.513] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0234.513] EnumProcesses (in: lpidProcess=0x2981f50, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2981f50, lpcbNeeded=0x1be8f450) returned 1 [0234.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c2cb8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c2cb8, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0234.515] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0234.515] CoTaskMemAlloc (cb=0x204) returned 0x1af1c350 [0234.515] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c350, nMaxCount=256 | out: lpString="") returned 0 [0234.516] CoTaskMemFree (pv=0x1af1c350) [0234.782] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x1be8f020, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0234.782] SetErrorMode (uMode=0x1) returned 0x0 [0234.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x1be8f230 | out: lpFileInformation=0x1be8f230*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6ad55b8, ftCreationTime.dwHighDateTime=0x1d8a905, ftLastAccessTime.dwLowDateTime=0xf6ad55b8, ftLastAccessTime.dwHighDateTime=0x1d8a905, ftLastWriteTime.dwLowDateTime=0xf6ad55b8, ftLastWriteTime.dwHighDateTime=0x1d8a905, nFileSizeHigh=0x0, nFileSizeLow=0x8)) returned 1 [0234.783] SetErrorMode (uMode=0x0) returned 0x1 [0234.783] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x1be8eff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57 [0234.784] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak")) returned 0 [0234.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x1be8ef90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0234.807] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x1be8ef90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57 [0234.808] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak"), bFailIfExists=1) returned 1 [0234.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x1be8ed50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57 [0234.951] SetErrorMode (uMode=0x1) returned 0x0 [0234.951] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x42c [0234.952] GetFileType (hFile=0x42c) returned 0x1 [0234.952] SetErrorMode (uMode=0x0) returned 0x1 [0234.952] GetFileType (hFile=0x42c) returned 0x1 [0234.952] WriteFile (in: hFile=0x42c, lpBuffer=0x27b6cd0*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x1be8f228, lpOverlapped=0x0 | out: lpBuffer=0x27b6cd0*, lpNumberOfBytesWritten=0x1be8f228*=0x28, lpOverlapped=0x0) returned 1 [0234.953] CloseHandle (hObject=0x42c) returned 1 [0234.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x1be8eff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57 [0234.955] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak")) returned 1 [0234.957] GetForegroundWindow () returned 0x10080 [0234.957] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0234.957] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0234.957] CoTaskMemFree (pv=0x1af1c770) [0234.957] GetForegroundWindow () returned 0x10080 [0234.957] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0234.957] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0234.958] CoTaskMemFree (pv=0x1af1bb10) [0234.958] GetForegroundWindow () returned 0x100d4 [0234.958] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0234.958] EnumProcesses (in: lpidProcess=0x27b8550, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27b8550, lpcbNeeded=0x1be8f460) returned 1 [0234.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0234.964] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0234.964] CoTaskMemAlloc (cb=0x204) returned 0x1af1c350 [0234.964] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c350, nMaxCount=256 | out: lpString="FolderView") returned 10 [0234.965] CoTaskMemFree (pv=0x1af1c350) [0234.965] GetForegroundWindow () returned 0x10080 [0234.965] CoTaskMemAlloc (cb=0x204) returned 0x1af1c140 [0234.965] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c140, nMaxCount=256 | out: lpString="") returned 0 [0234.965] CoTaskMemFree (pv=0x1af1c140) [0234.966] GetForegroundWindow () returned 0x10080 [0234.966] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0234.966] EnumProcesses (in: lpidProcess=0x27d7000, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27d7000, lpcbNeeded=0x1be8f460) returned 1 [0234.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xf918) returned 0x0 [0234.970] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0234.970] CoTaskMemAlloc (cb=0x204) returned 0x1af1cb90 [0234.970] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1cb90, nMaxCount=256 | out: lpString="") returned 0 [0234.970] CoTaskMemFree (pv=0x1af1cb90) [0234.970] GetForegroundWindow () returned 0x10080 [0234.970] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0234.970] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0234.971] CoTaskMemFree (pv=0x1af1c560) [0235.014] GetForegroundWindow () returned 0x10080 [0235.014] CoTaskMemAlloc (cb=0x204) returned 0x1af1cda0 [0235.014] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1cda0, nMaxCount=256 | out: lpString="") returned 0 [0235.014] CoTaskMemFree (pv=0x1af1cda0) [0235.016] GetForegroundWindow () returned 0x100d4 [0235.017] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0235.017] EnumProcesses (in: lpidProcess=0x27f5560, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27f5560, lpcbNeeded=0x1be8f450) returned 1 [0235.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0235.022] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0235.023] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0235.023] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c770, nMaxCount=256 | out: lpString="FolderView") returned 10 [0235.023] CoTaskMemFree (pv=0x1af1c770) [0235.110] GetForegroundWindow () returned 0x10080 [0235.110] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0235.110] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0235.110] CoTaskMemFree (pv=0x1af1b6f0) [0235.111] GetForegroundWindow () returned 0x10080 [0235.112] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0235.112] EnumProcesses (in: lpidProcess=0x2815200, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2815200, lpcbNeeded=0x1be8f450) returned 1 [0235.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f3f0*=0xf918) returned 0x0 [0235.117] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0235.117] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0235.117] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0235.117] CoTaskMemFree (pv=0x1af1b6f0) [0235.219] GetForegroundWindow () returned 0x10080 [0235.219] CoTaskMemAlloc (cb=0x204) returned 0x1af1b2d0 [0235.219] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b2d0, nMaxCount=256 | out: lpString="") returned 0 [0235.219] CoTaskMemFree (pv=0x1af1b2d0) [0235.220] GetForegroundWindow () returned 0x10080 [0235.220] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0235.220] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0235.220] CoTaskMemFree (pv=0x1af1c560) [0235.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x474 [0235.663] CoGetObjectContext (in: riid=0x1be8da18*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8da10 | out: ppv=0x1be8da10*=0x5e6f98) returned 0x0 [0235.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1be8c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0235.917] CoTaskMemAlloc (cb=0x43) returned 0x1c078290 [0235.917] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x7ffb853a0000 [0236.101] CoTaskMemFree (pv=0x1c078290) [0236.105] CoTaskMemAlloc (cb=0xf) returned 0x1ae73030 [0236.105] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="ResetSecurity") returned 0x7ffb853a20e0 [0236.105] CoTaskMemFree (pv=0x1ae73030) [0236.142] CoTaskMemAlloc (cb=0xd) returned 0x1ae73030 [0236.142] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="SetSecurity") returned 0x7ffb853a21b0 [0236.142] CoTaskMemFree (pv=0x1ae73030) [0236.159] CoTaskMemAlloc (cb=0x14) returned 0x1ae73030 [0236.160] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="BlessIWbemServices") returned 0x7ffb853a2290 [0236.160] CoTaskMemFree (pv=0x1ae73030) [0236.193] CoTaskMemAlloc (cb=0x1a) returned 0x69d120 [0236.194] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="BlessIWbemServicesObject") returned 0x7ffb853a23b0 [0236.194] CoTaskMemFree (pv=0x69d120) [0236.224] CoTaskMemAlloc (cb=0x13) returned 0x1ae73030 [0236.224] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetPropertyHandle") returned 0x7ffb853a24d0 [0236.224] CoTaskMemFree (pv=0x1ae73030) [0236.237] CoTaskMemAlloc (cb=0x14) returned 0x1ae73030 [0236.237] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="WritePropertyValue") returned 0x7ffb853a2500 [0236.237] CoTaskMemFree (pv=0x1ae73030) [0236.251] CoTaskMemAlloc (cb=0x7) returned 0x1af2a8b0 [0236.252] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Clone") returned 0x7ffb853a2530 [0236.252] CoTaskMemFree (pv=0x1af2a8b0) [0236.261] CoTaskMemAlloc (cb=0x11) returned 0x1ae73750 [0236.261] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="VerifyClientKey") returned 0x7ffb853a31f0 [0236.261] CoTaskMemFree (pv=0x1ae73750) [0236.266] CoTaskMemAlloc (cb=0x11) returned 0x1ae73df0 [0236.266] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetQualifierSet") returned 0x7ffb853a2a50 [0236.267] CoTaskMemFree (pv=0x1ae73df0) [0236.269] CoTaskMemAlloc (cb=0x5) returned 0x1af2a6f0 [0236.270] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Get") returned 0x7ffb853a2700 [0236.270] CoTaskMemFree (pv=0x1af2a6f0) [0236.275] CoTaskMemAlloc (cb=0x5) returned 0x1af2a6b0 [0236.275] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Put") returned 0x7ffb853a26c0 [0236.275] CoTaskMemFree (pv=0x1af2a6b0) [0236.281] CoTaskMemAlloc (cb=0x8) returned 0x1af2a650 [0236.281] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Delete") returned 0x7ffb853a2750 [0236.281] CoTaskMemFree (pv=0x1af2a650) [0236.284] CoTaskMemAlloc (cb=0xa) returned 0x1ae73990 [0236.284] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetNames") returned 0x7ffb853a2760 [0236.284] CoTaskMemFree (pv=0x1ae73990) [0236.288] CoTaskMemAlloc (cb=0x12) returned 0x1ae73cb0 [0236.288] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="BeginEnumeration") returned 0x7ffb853a27b0 [0236.289] CoTaskMemFree (pv=0x1ae73cb0) [0236.294] CoTaskMemAlloc (cb=0x6) returned 0x1af2a6d0 [0236.294] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Next") returned 0x7ffb853a27c0 [0236.294] CoTaskMemFree (pv=0x1af2a6d0) [0236.297] CoTaskMemAlloc (cb=0x10) returned 0x1ae738b0 [0236.297] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="EndEnumeration") returned 0x7ffb853a2810 [0236.297] CoTaskMemFree (pv=0x1ae738b0) [0236.298] CoTaskMemAlloc (cb=0x19) returned 0x69d420 [0236.299] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetPropertyQualifierSet") returned 0x7ffb853a2820 [0236.299] CoTaskMemFree (pv=0x69d420) [0236.301] CoTaskMemAlloc (cb=0x7) returned 0x1af2a870 [0236.302] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="Clone") returned 0x7ffb853a2530 [0236.302] CoTaskMemFree (pv=0x1af2a870) [0236.302] CoTaskMemAlloc (cb=0xf) returned 0x1ae73bd0 [0236.302] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetObjectText") returned 0x7ffb853a2840 [0236.302] CoTaskMemFree (pv=0x1ae73bd0) [0236.304] CoTaskMemAlloc (cb=0x13) returned 0x1ae73810 [0236.305] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="SpawnDerivedClass") returned 0x7ffb853a2860 [0236.305] CoTaskMemFree (pv=0x1ae73810) [0236.307] CoTaskMemAlloc (cb=0xf) returned 0x1ae73bb0 [0236.307] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="SpawnInstance") returned 0x7ffb853a2880 [0236.307] CoTaskMemFree (pv=0x1ae73bb0) [0236.309] CoTaskMemAlloc (cb=0xb) returned 0x1ae73b90 [0236.309] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="CompareTo") returned 0x7ffb853a28a0 [0236.309] CoTaskMemFree (pv=0x1ae73b90) [0236.310] CoTaskMemAlloc (cb=0x13) returned 0x1ae73850 [0236.311] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetPropertyOrigin") returned 0x7ffb853a28c0 [0236.311] CoTaskMemFree (pv=0x1ae73850) [0236.313] CoTaskMemAlloc (cb=0xe) returned 0x1ae73990 [0236.314] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="InheritsFrom") returned 0x7ffb853a28e0 [0236.314] CoTaskMemFree (pv=0x1ae73990) [0236.316] CoTaskMemAlloc (cb=0xb) returned 0x1ae73cf0 [0236.316] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetMethod") returned 0x7ffb853a28f0 [0236.316] CoTaskMemFree (pv=0x1ae73cf0) [0236.318] CoTaskMemAlloc (cb=0xb) returned 0x1ae73710 [0236.318] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="PutMethod") returned 0x7ffb853a2940 [0236.318] CoTaskMemFree (pv=0x1ae73710) [0236.321] CoTaskMemAlloc (cb=0xe) returned 0x1ae73810 [0236.321] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="DeleteMethod") returned 0x7ffb853a2990 [0236.321] CoTaskMemFree (pv=0x1ae73810) [0236.322] CoTaskMemAlloc (cb=0x18) returned 0x1ae73bb0 [0236.323] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="BeginMethodEnumeration") returned 0x7ffb853a29a0 [0236.323] CoTaskMemFree (pv=0x1ae73bb0) [0236.324] CoTaskMemAlloc (cb=0xc) returned 0x1ae738b0 [0236.324] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="NextMethod") returned 0x7ffb853a29b0 [0236.324] CoTaskMemFree (pv=0x1ae738b0) [0236.326] CoTaskMemAlloc (cb=0x16) returned 0x1ae738b0 [0236.326] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="EndMethodEnumeration") returned 0x7ffb853a2a00 [0236.328] CoTaskMemFree (pv=0x1ae738b0) [0236.329] CoTaskMemAlloc (cb=0x17) returned 0x1ae73a10 [0236.329] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetMethodQualifierSet") returned 0x7ffb853a2a10 [0236.329] CoTaskMemFree (pv=0x1ae73a10) [0236.330] CoTaskMemAlloc (cb=0x11) returned 0x1ae737d0 [0236.330] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetMethodOrigin") returned 0x7ffb853a2a30 [0236.330] CoTaskMemFree (pv=0x1ae737d0) [0236.332] CoTaskMemAlloc (cb=0x12) returned 0x1ae73a10 [0236.332] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_Get") returned 0x7ffb853a2a60 [0236.332] CoTaskMemFree (pv=0x1ae73a10) [0236.334] CoTaskMemAlloc (cb=0x12) returned 0x1ae73bb0 [0236.334] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_Put") returned 0x7ffb853a2ab0 [0236.334] CoTaskMemFree (pv=0x1ae73bb0) [0236.336] CoTaskMemAlloc (cb=0x15) returned 0x1ae73bb0 [0236.336] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_Delete") returned 0x7ffb853a2ae0 [0236.336] CoTaskMemFree (pv=0x1ae73bb0) [0236.337] CoTaskMemAlloc (cb=0x17) returned 0x1ae739f0 [0236.337] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_GetNames") returned 0x7ffb853a2af0 [0236.337] CoTaskMemFree (pv=0x1ae739f0) [0236.339] CoTaskMemAlloc (cb=0x1f) returned 0x69d150 [0236.340] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x7ffb853a2b10 [0236.340] CoTaskMemFree (pv=0x69d150) [0236.344] CoTaskMemAlloc (cb=0x13) returned 0x1ae73c10 [0236.345] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_Next") returned 0x7ffb853a2b20 [0236.345] CoTaskMemFree (pv=0x1ae73c10) [0236.347] CoTaskMemAlloc (cb=0x1d) returned 0x69d3f0 [0236.348] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="QualifierSet_EndEnumeration") returned 0x7ffb853a2b70 [0236.348] CoTaskMemFree (pv=0x69d3f0) [0236.348] CoTaskMemAlloc (cb=0x19) returned 0x69d2a0 [0236.349] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetCurrentApartmentType") returned 0x7ffb853a2a50 [0236.349] CoTaskMemFree (pv=0x69d2a0) [0236.350] CoTaskMemAlloc (cb=0x16) returned 0x1ae73cf0 [0236.350] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="GetDemultiplexedStub") returned 0x7ffb853a2060 [0236.350] CoTaskMemFree (pv=0x1ae73cf0) [0236.352] CoTaskMemAlloc (cb=0x17) returned 0x1ae73e50 [0236.352] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="CreateInstanceEnumWmi") returned 0x7ffb853a1760 [0236.352] CoTaskMemFree (pv=0x1ae73e50) [0236.356] CoTaskMemAlloc (cb=0x14) returned 0x1ae739f0 [0236.356] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="CreateClassEnumWmi") returned 0x7ffb853a18c0 [0236.356] CoTaskMemFree (pv=0x1ae739f0) [0236.359] CoTaskMemAlloc (cb=0xe) returned 0x1ae73a90 [0236.359] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="ExecQueryWmi") returned 0x7ffb853a1a20 [0236.359] CoTaskMemFree (pv=0x1ae73a90) [0236.364] CoTaskMemAlloc (cb=0x1a) returned 0x69c9a0 [0236.364] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="ExecNotificationQueryWmi") returned 0x7ffb853a1b90 [0236.364] CoTaskMemFree (pv=0x69c9a0) [0236.369] CoTaskMemAlloc (cb=0x10) returned 0x1ae73910 [0236.369] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="PutInstanceWmi") returned 0x7ffb853a1d00 [0236.369] CoTaskMemFree (pv=0x1ae73910) [0236.372] CoTaskMemAlloc (cb=0xd) returned 0x1ae73c10 [0236.373] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="PutClassWmi") returned 0x7ffb853a1e00 [0236.373] CoTaskMemFree (pv=0x1ae73c10) [0236.376] CoTaskMemAlloc (cb=0x1a) returned 0x69d120 [0236.377] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="CloneEnumWbemClassObject") returned 0x7ffb853a1f00 [0236.377] CoTaskMemFree (pv=0x69d120) [0236.379] CoTaskMemAlloc (cb=0x12) returned 0x1ae73e70 [0236.379] GetProcAddress (hModule=0x7ffb853a0000, lpProcName="ConnectServerWmi") returned 0x7ffb853a34c0 [0236.379] CoTaskMemFree (pv=0x1ae73e70) [0236.383] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1be8da30 | out: pAptType=0x1be8da30*=1) returned 0x0 [0236.383] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1be8db38 | out: ppvObject=0x1be8db38*=0x0) returned 0x80004002 [0236.383] IUnknown:Release (This=0x5e6f98) returned 0x0 [0236.388] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1be8d220 | out: lpiid=0x1be8d220) returned 0x0 [0236.388] CoGetClassObject (in: rclsid=0x1ae8d278*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8d090 | out: ppv=0x1be8d090*=0x1ae73990) returned 0x0 [0237.261] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae73990, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8cda0 | out: ppvObject=0x1be8cda0*=0x0) returned 0x80004002 [0237.262] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1ae73990, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8cd88 | out: ppvObject=0x1be8cd88*=0x1ae71670) returned 0x0 [0237.264] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8cc90 | out: ppvObject=0x1be8cc90*=0x1ae71670) returned 0x0 [0237.264] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8cd10 | out: ppvObject=0x1be8cd10*=0x0) returned 0x80004002 [0237.265] WbemDefPath:IUnknown:AddRef (This=0x1ae71670) returned 0x3 [0237.266] CoGetContextToken (in: pToken=0x1be8c960 | out: pToken=0x1be8c960) returned 0x0 [0237.267] CoGetObjectContext (in: riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c078ca8 | out: ppv=0x1c078ca8*=0x5e6f80) returned 0x0 [0237.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8c920 | out: ppvObject=0x1be8c920*=0x1ae73c50) returned 0x0 [0237.267] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1ae73c50, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8c950 | out: pCid=0x1be8c950*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0237.268] WbemDefPath:IUnknown:Release (This=0x1ae73c50) returned 0x3 [0237.268] CoGetContextToken (in: pToken=0x1be8c930 | out: pToken=0x1be8c930) returned 0x0 [0237.268] WbemDefPath:IUnknown:AddRef (This=0x1ae71670) returned 0x4 [0237.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8ca48 | out: ppvObject=0x1be8ca48*=0x0) returned 0x80004002 [0237.269] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x3 [0237.269] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x2 [0237.269] WbemDefPath:IUnknown:Release (This=0x1ae73990) returned 0x0 [0237.269] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x1 [0237.273] CoGetContextToken (in: pToken=0x1be8d660 | out: pToken=0x1be8d660) returned 0x0 [0237.273] IIDFromString (in: lpsz="{3BC15AF2-736C-477E-9E51-238AF8667DCC}", lpiid=0x1be8d6e0 | out: lpiid=0x1be8d6e0) returned 0x0 [0237.273] CoGetContextToken (in: pToken=0x1be8d5a0 | out: pToken=0x1be8d5a0) returned 0x0 [0237.273] WbemDefPath:IUnknown:AddRef (This=0x1ae71670) returned 0x2 [0237.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x1be8d6e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1be8d6c0 | out: ppvObject=0x1be8d6c0*=0x1ae71670) returned 0x0 [0237.274] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x2 [0237.274] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x1 [0237.337] CoGetContextToken (in: pToken=0x1be8d7e0 | out: pToken=0x1be8d7e0) returned 0x0 [0237.337] CoGetContextToken (in: pToken=0x1be8d720 | out: pToken=0x1be8d720) returned 0x0 [0237.337] WbemDefPath:IUnknown:AddRef (This=0x1ae71670) returned 0x2 [0237.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae71670, riid=0x1be8d860*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1be8d840 | out: ppvObject=0x1be8d840*=0x1ae71670) returned 0x0 [0237.337] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x2 [0237.337] WbemDefPath:IUnknown:AddRef (This=0x1ae71670) returned 0x3 [0237.338] WbemDefPath:IWbemPath:SetText (This=0x1ae71670, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0237.338] WbemDefPath:IUnknown:Release (This=0x1ae71670) returned 0x2 [0237.339] CoGetObjectContext (in: riid=0x1be8ea28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8ea20 | out: ppv=0x1be8ea20*=0x5e6f98) returned 0x0 [0237.340] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1be8ea40 | out: pAptType=0x1be8ea40*=1) returned 0x0 [0237.340] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1be8eb48 | out: ppvObject=0x1be8eb48*=0x0) returned 0x80004002 [0237.340] IUnknown:Release (This=0x5e6f98) returned 0x1 [0237.341] CoGetClassObject (in: rclsid=0x1ae8d278*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8e0a0 | out: ppv=0x1be8e0a0*=0x1ae739d0) returned 0x0 [0237.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae739d0, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8ddb0 | out: ppvObject=0x1be8ddb0*=0x0) returned 0x80004002 [0237.341] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1ae739d0, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dd98 | out: ppvObject=0x1be8dd98*=0x1ae72030) returned 0x0 [0237.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dca0 | out: ppvObject=0x1be8dca0*=0x1ae72030) returned 0x0 [0237.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8dd20 | out: ppvObject=0x1be8dd20*=0x0) returned 0x80004002 [0237.343] WbemDefPath:IUnknown:AddRef (This=0x1ae72030) returned 0x3 [0237.343] CoGetContextToken (in: pToken=0x1be8d970 | out: pToken=0x1be8d970) returned 0x0 [0237.343] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8d930 | out: ppvObject=0x1be8d930*=0x1ae73c30) returned 0x0 [0237.343] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1ae73c30, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8d960 | out: pCid=0x1be8d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0237.343] WbemDefPath:IUnknown:Release (This=0x1ae73c30) returned 0x3 [0237.344] CoGetContextToken (in: pToken=0x1be8d940 | out: pToken=0x1be8d940) returned 0x0 [0237.344] WbemDefPath:IUnknown:AddRef (This=0x1ae72030) returned 0x4 [0237.344] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8da58 | out: ppvObject=0x1be8da58*=0x0) returned 0x80004002 [0237.344] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x3 [0237.344] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x2 [0237.345] WbemDefPath:IUnknown:Release (This=0x1ae739d0) returned 0x0 [0237.345] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x1 [0237.345] CoGetContextToken (in: pToken=0x1be8e670 | out: pToken=0x1be8e670) returned 0x0 [0237.345] CoGetContextToken (in: pToken=0x1be8e5b0 | out: pToken=0x1be8e5b0) returned 0x0 [0237.345] WbemDefPath:IUnknown:AddRef (This=0x1ae72030) returned 0x2 [0237.345] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x1be8e6f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1be8e6d0 | out: ppvObject=0x1be8e6d0*=0x1ae72030) returned 0x0 [0237.346] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x2 [0237.346] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x1 [0237.346] CoGetContextToken (in: pToken=0x1be8e7f0 | out: pToken=0x1be8e7f0) returned 0x0 [0237.346] CoGetContextToken (in: pToken=0x1be8e730 | out: pToken=0x1be8e730) returned 0x0 [0237.346] WbemDefPath:IUnknown:AddRef (This=0x1ae72030) returned 0x2 [0237.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72030, riid=0x1be8e870*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1be8e850 | out: ppvObject=0x1be8e850*=0x1ae72030) returned 0x0 [0237.347] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x2 [0237.347] WbemDefPath:IUnknown:AddRef (This=0x1ae72030) returned 0x3 [0237.347] WbemDefPath:IWbemPath:SetText (This=0x1ae72030, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0237.347] WbemDefPath:IUnknown:Release (This=0x1ae72030) returned 0x2 [0237.425] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8eaf0 | out: puCount=0x1be8eaf0*=0x2) returned 0x0 [0237.430] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaf0*=0x0, pszText=0x0 | out: puBuffLength=0x1be8eaf0*=0x19, pszText=0x0) returned 0x0 [0237.432] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaf0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8eaf0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0237.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8eaf0 | out: puCount=0x1be8eaf0*=0x2) returned 0x0 [0237.452] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaf0*=0x0, pszText=0x0 | out: puBuffLength=0x1be8eaf0*=0x19, pszText=0x0) returned 0x0 [0237.452] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaf0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8eaf0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0237.505] CoGetObjectContext (in: riid=0x1be8ea38*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8ea30 | out: ppv=0x1be8ea30*=0x5e6f98) returned 0x0 [0237.505] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1be8ea50 | out: pAptType=0x1be8ea50*=1) returned 0x0 [0237.505] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1be8eb58 | out: ppvObject=0x1be8eb58*=0x0) returned 0x80004002 [0237.505] IUnknown:Release (This=0x5e6f98) returned 0x1 [0237.548] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x1be8e860 | out: lpiid=0x1be8e860) returned 0x0 [0237.548] CoGetClassObject (in: rclsid=0x1af42af8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1be8e6d0 | out: ppv=0x1be8e6d0*=0x1ae739d0) returned 0x0 [0237.717] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae739d0, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8e3e0 | out: ppvObject=0x1be8e3e0*=0x0) returned 0x80004002 [0237.717] WbemLocator:IClassFactory:CreateInstance (in: This=0x1ae739d0, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e3c8 | out: ppvObject=0x1be8e3c8*=0x1ae73d70) returned 0x0 [0237.717] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae73d70, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e2d0 | out: ppvObject=0x1be8e2d0*=0x1ae73d70) returned 0x0 [0237.718] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae73d70, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8e350 | out: ppvObject=0x1be8e350*=0x0) returned 0x80004002 [0237.718] WbemLocator:IUnknown:AddRef (This=0x1ae73d70) returned 0x3 [0237.718] CoGetContextToken (in: pToken=0x1be8dfa0 | out: pToken=0x1be8dfa0) returned 0x0 [0237.719] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae73d70, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8df60 | out: ppvObject=0x1be8df60*=0x0) returned 0x80004002 [0237.719] CoGetContextToken (in: pToken=0x1be8df70 | out: pToken=0x1be8df70) returned 0x0 [0237.719] WbemLocator:IUnknown:AddRef (This=0x1ae73d70) returned 0x4 [0237.719] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae73d70, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e088 | out: ppvObject=0x1be8e088*=0x0) returned 0x80004002 [0237.719] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x3 [0237.719] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x2 [0237.719] WbemLocator:IUnknown:Release (This=0x1ae739d0) returned 0x0 [0237.720] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x1 [0237.721] CoGetContextToken (in: pToken=0x1be8e590 | out: pToken=0x1be8e590) returned 0x0 [0237.721] IIDFromString (in: lpsz="{DC12A687-737F-11CF-884D-00AA004B2E24}", lpiid=0x1be8e610 | out: lpiid=0x1be8e610) returned 0x0 [0237.721] CoGetContextToken (in: pToken=0x1be8e4d0 | out: pToken=0x1be8e4d0) returned 0x0 [0237.721] WbemLocator:IUnknown:AddRef (This=0x1ae73d70) returned 0x2 [0237.722] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae73d70, riid=0x1be8e610*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1be8e5f0 | out: ppvObject=0x1be8e5f0*=0x1ae73d70) returned 0x0 [0237.722] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x2 [0237.722] WbemLocator:IUnknown:Release (This=0x1ae73d70) returned 0x1 [0237.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8e9f0 | out: puCount=0x1be8e9f0*=0x2) returned 0x0 [0237.795] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=8, puBuffLength=0x1be8e9f0*=0x0, pszText=0x0 | out: puBuffLength=0x1be8e9f0*=0x19, pszText=0x0) returned 0x0 [0237.795] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=8, puBuffLength=0x1be8e9f0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8e9f0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0237.806] CoCreateInstance (in: rclsid=0x7ffb853a15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb853a14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1be8e660 | out: ppv=0x1be8e660*=0x1ae73cb0) returned 0x0 [0237.807] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1ae73cb0, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1be8e8f0 | out: ppNamespace=0x1be8e8f0*=0x1c086800) returned 0x0 [0238.492] WbemLocator:IUnknown:QueryInterface (in: This=0x1c086800, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e4d8 | out: ppvObject=0x1be8e4d8*=0x1ae93150) returned 0x0 [0238.492] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1ae93150, pProxy=0x1c086800, pAuthnSvc=0x1be8e4d0, pAuthzSvc=0x1be8e4cc, pServerPrincName=0x1be8e4f8, pAuthnLevel=0x1be8e4c8, pImpLevel=0x1be8e4e4, pAuthInfo=0x1be8e508, pCapabilites=0x1be8e4e0 | out: pAuthnSvc=0x1be8e4d0*=0xa, pAuthzSvc=0x1be8e4cc*=0x0, pServerPrincName=0x1be8e4f8, pAuthnLevel=0x1be8e4c8*=0x6, pImpLevel=0x1be8e4e4*=0x2, pAuthInfo=0x1be8e508, pCapabilites=0x1be8e4e0*=0x1) returned 0x0 [0238.492] WbemLocator:IUnknown:Release (This=0x1ae93150) returned 0x1 [0238.492] WbemLocator:IUnknown:QueryInterface (in: This=0x1c086800, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e478 | out: ppvObject=0x1be8e478*=0x1ae93198) returned 0x0 [0238.493] WbemLocator:IUnknown:QueryInterface (in: This=0x1c086800, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e408 | out: ppvObject=0x1be8e408*=0x1ae93150) returned 0x0 [0238.493] WbemLocator:IClientSecurity:SetBlanket (This=0x1ae93150, pProxy=0x1c086800, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.493] WbemLocator:IUnknown:Release (This=0x1ae93150) returned 0x2 [0238.493] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x1 [0238.493] CoTaskMemFree (pv=0x1af514b0) [0238.493] WbemLocator:IUnknown:Release (This=0x1ae73cb0) returned 0x0 [0238.493] WbemLocator:IUnknown:QueryInterface (in: This=0x1c086800, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e0f0 | out: ppvObject=0x1be8e0f0*=0x1ae93198) returned 0x0 [0238.494] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8e170 | out: ppvObject=0x1be8e170*=0x0) returned 0x80004002 [0238.494] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8df08 | out: ppvObject=0x1be8df08*=0x0) returned 0x80004002 [0238.495] WbemLocator:IUnknown:AddRef (This=0x1ae93198) returned 0x3 [0238.495] CoGetContextToken (in: pToken=0x1be8ddc0 | out: pToken=0x1be8ddc0) returned 0x0 [0238.495] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dd80 | out: ppvObject=0x1be8dd80*=0x1ae93078) returned 0x0 [0238.496] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1ae93078, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8ddb0 | out: pCid=0x1be8ddb0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.496] WbemLocator:IUnknown:Release (This=0x1ae93078) returned 0x3 [0238.496] CoGetContextToken (in: pToken=0x1be8dd90 | out: pToken=0x1be8dd90) returned 0x0 [0238.496] WbemLocator:IUnknown:AddRef (This=0x1ae93198) returned 0x4 [0238.496] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dea8 | out: ppvObject=0x1be8dea8*=0x1ae93160) returned 0x0 [0238.496] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x4 [0238.497] WbemLocator:IRpcOptions:Query (in: This=0x1ae93160, pPrx=0x1ae93198, dwProperty=2, pdwValue=0x1be8df18 | out: pdwValue=0x1be8df18) returned 0x80004002 [0238.497] WbemLocator:IUnknown:Release (This=0x1ae93160) returned 0x3 [0238.498] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x2 [0238.499] CoGetContextToken (in: pToken=0x1be8e290 | out: pToken=0x1be8e290) returned 0x0 [0238.499] IIDFromString (in: lpsz="{9556DC99-828C-11CF-A37E-00AA003240C7}", lpiid=0x1be8e310 | out: lpiid=0x1be8e310) returned 0x0 [0238.499] CoGetContextToken (in: pToken=0x1be8e1d0 | out: pToken=0x1be8e1d0) returned 0x0 [0238.499] WbemLocator:IUnknown:AddRef (This=0x1ae93198) returned 0x3 [0238.499] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x1be8e310*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1be8e2f0 | out: ppvObject=0x1be8e2f0*=0x1c086800) returned 0x0 [0238.499] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x3 [0238.500] WbemLocator:IUnknown:Release (This=0x1c086800) returned 0x2 [0238.506] WbemLocator:IUnknown:Release (This=0x1c086800) returned 0x1 [0238.506] SysStringLen (param_1=0x0) returned 0x0 [0238.586] CoGetContextToken (in: pToken=0x1be8e910 | out: pToken=0x1be8e910) returned 0x0 [0238.586] WbemLocator:IUnknown:AddRef (This=0x1ae93198) returned 0x2 [0238.587] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e4e0 | out: ppvObject=0x1be8e4e0*=0x1ae93198) returned 0x0 [0238.591] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x2 [0238.591] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x1 [0238.611] CoGetContextToken (in: pToken=0x1be8e530 | out: pToken=0x1be8e530) returned 0x0 [0238.611] CoGetContextToken (in: pToken=0x1be8e470 | out: pToken=0x1be8e470) returned 0x0 [0238.611] WbemLocator:IUnknown:AddRef (This=0x1ae93198) returned 0x2 [0238.611] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae93198, riid=0x1be8e5b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1be8e590 | out: ppvObject=0x1be8e590*=0x1c086800) returned 0x0 [0238.613] WbemLocator:IUnknown:Release (This=0x1ae93198) returned 0x2 [0238.613] WbemLocator:IUnknown:AddRef (This=0x1c086800) returned 0x3 [0238.614] IWbemServices:ExecQuery (in: This=0x1c086800, strQueryLanguage="WQL", strQuery="SELECT DisplayName FROM AntiVirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x1be8ea28 | out: ppEnum=0x1be8ea28*=0x1ae83650) returned 0x0 [0238.633] IUnknown:QueryInterface (in: This=0x1ae83650, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e638 | out: ppvObject=0x1be8e638*=0x1ae83658) returned 0x0 [0238.633] IClientSecurity:QueryBlanket (in: This=0x1ae83658, pProxy=0x1ae83650, pAuthnSvc=0x1be8e630, pAuthzSvc=0x1be8e62c, pServerPrincName=0x1be8e658, pAuthnLevel=0x1be8e628, pImpLevel=0x1be8e644, pAuthInfo=0x1be8e668, pCapabilites=0x1be8e640 | out: pAuthnSvc=0x1be8e630*=0xa, pAuthzSvc=0x1be8e62c*=0x0, pServerPrincName=0x1be8e658, pAuthnLevel=0x1be8e628*=0x6, pImpLevel=0x1be8e644*=0x2, pAuthInfo=0x1be8e668, pCapabilites=0x1be8e640*=0x1) returned 0x0 [0238.633] IUnknown:Release (This=0x1ae83658) returned 0x1 [0238.633] IUnknown:QueryInterface (in: This=0x1ae83650, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e5d8 | out: ppvObject=0x1be8e5d8*=0x1ae934d8) returned 0x0 [0238.633] IUnknown:QueryInterface (in: This=0x1ae83650, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e568 | out: ppvObject=0x1be8e568*=0x1ae83658) returned 0x0 [0238.635] IClientSecurity:SetBlanket (This=0x1ae83658, pProxy=0x1ae83650, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.717] IUnknown:Release (This=0x1ae83658) returned 0x2 [0238.717] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x1 [0238.717] CoTaskMemFree (pv=0x1af51480) [0238.717] IUnknown:QueryInterface (in: This=0x1ae83650, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e210 | out: ppvObject=0x1be8e210*=0x1ae934d8) returned 0x0 [0238.718] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8e290 | out: ppvObject=0x1be8e290*=0x0) returned 0x80004002 [0238.724] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8e028 | out: ppvObject=0x1be8e028*=0x0) returned 0x80004002 [0238.734] WbemLocator:IUnknown:AddRef (This=0x1ae934d8) returned 0x3 [0238.734] CoGetContextToken (in: pToken=0x1be8dee0 | out: pToken=0x1be8dee0) returned 0x0 [0238.734] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dea0 | out: ppvObject=0x1be8dea0*=0x1ae933b8) returned 0x0 [0238.734] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1ae933b8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8ded0 | out: pCid=0x1be8ded0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.735] WbemLocator:IUnknown:Release (This=0x1ae933b8) returned 0x3 [0238.735] CoGetContextToken (in: pToken=0x1be8deb0 | out: pToken=0x1be8deb0) returned 0x0 [0238.735] WbemLocator:IUnknown:AddRef (This=0x1ae934d8) returned 0x4 [0238.735] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dfc8 | out: ppvObject=0x1be8dfc8*=0x1ae934a0) returned 0x0 [0238.735] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x4 [0238.735] WbemLocator:IRpcOptions:Query (in: This=0x1ae934a0, pPrx=0x1ae934d8, dwProperty=2, pdwValue=0x1be8e038 | out: pdwValue=0x1be8e038) returned 0x80004002 [0238.735] WbemLocator:IUnknown:Release (This=0x1ae934a0) returned 0x3 [0238.736] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x2 [0238.736] CoGetContextToken (in: pToken=0x1be8e3b0 | out: pToken=0x1be8e3b0) returned 0x0 [0238.736] IIDFromString (in: lpsz="{027947E1-D731-11CE-A357-000000000001}", lpiid=0x1be8e430 | out: lpiid=0x1be8e430) returned 0x0 [0238.736] CoGetContextToken (in: pToken=0x1be8e2f0 | out: pToken=0x1be8e2f0) returned 0x0 [0238.736] WbemLocator:IUnknown:AddRef (This=0x1ae934d8) returned 0x3 [0238.736] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x1be8e430*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1be8e410 | out: ppvObject=0x1be8e410*=0x1ae83650) returned 0x0 [0238.737] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x3 [0238.737] IUnknown:Release (This=0x1ae83650) returned 0x2 [0238.737] IUnknown:Release (This=0x1ae83650) returned 0x1 [0238.737] WbemLocator:IUnknown:Release (This=0x1c086800) returned 0x2 [0238.737] SysStringLen (param_1=0x0) returned 0x0 [0238.821] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8ea50 | out: puCount=0x1be8ea50*=0x2) returned 0x0 [0238.821] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8ea50*=0x0, pszText=0x0 | out: puBuffLength=0x1be8ea50*=0x19, pszText=0x0) returned 0x0 [0238.821] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8ea50*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8ea50*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0238.835] CoGetContextToken (in: pToken=0x1be8e5d0 | out: pToken=0x1be8e5d0) returned 0x0 [0238.835] CoGetContextToken (in: pToken=0x1be8e510 | out: pToken=0x1be8e510) returned 0x0 [0238.835] WbemLocator:IUnknown:AddRef (This=0x1ae934d8) returned 0x2 [0238.836] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae934d8, riid=0x1be8e650*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1be8e630 | out: ppvObject=0x1be8e630*=0x1ae83650) returned 0x0 [0238.836] WbemLocator:IUnknown:Release (This=0x1ae934d8) returned 0x2 [0238.836] IUnknown:AddRef (This=0x1ae83650) returned 0x3 [0238.836] IEnumWbemClassObject:Clone (in: This=0x1ae83650, ppEnum=0x1be8ea90 | out: ppEnum=0x1be8ea90*=0x1aec0090) returned 0x0 [0238.858] IUnknown:QueryInterface (in: This=0x1aec0090, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e6e8 | out: ppvObject=0x1be8e6e8*=0x1aec0098) returned 0x0 [0238.858] IClientSecurity:QueryBlanket (in: This=0x1aec0098, pProxy=0x1aec0090, pAuthnSvc=0x1be8e6e0, pAuthzSvc=0x1be8e6dc, pServerPrincName=0x1be8e708, pAuthnLevel=0x1be8e6d8, pImpLevel=0x1be8e6f4, pAuthInfo=0x1be8e718, pCapabilites=0x1be8e6f0 | out: pAuthnSvc=0x1be8e6e0*=0xa, pAuthzSvc=0x1be8e6dc*=0x0, pServerPrincName=0x1be8e708, pAuthnLevel=0x1be8e6d8*=0x6, pImpLevel=0x1be8e6f4*=0x2, pAuthInfo=0x1be8e718, pCapabilites=0x1be8e6f0*=0x1) returned 0x0 [0238.858] IUnknown:Release (This=0x1aec0098) returned 0x1 [0238.858] IUnknown:QueryInterface (in: This=0x1aec0090, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e688 | out: ppvObject=0x1be8e688*=0x1c08ade8) returned 0x0 [0238.858] IUnknown:QueryInterface (in: This=0x1aec0090, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e618 | out: ppvObject=0x1be8e618*=0x1aec0098) returned 0x0 [0238.858] IClientSecurity:SetBlanket (This=0x1aec0098, pProxy=0x1aec0090, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.861] IUnknown:Release (This=0x1aec0098) returned 0x2 [0238.861] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x1 [0238.861] CoTaskMemFree (pv=0x1af51f00) [0238.861] IUnknown:QueryInterface (in: This=0x1aec0090, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e2b0 | out: ppvObject=0x1be8e2b0*=0x1c08ade8) returned 0x0 [0238.862] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8e330 | out: ppvObject=0x1be8e330*=0x0) returned 0x80004002 [0238.862] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8e0c8 | out: ppvObject=0x1be8e0c8*=0x0) returned 0x80004002 [0238.863] WbemLocator:IUnknown:AddRef (This=0x1c08ade8) returned 0x3 [0238.863] CoGetContextToken (in: pToken=0x1be8df80 | out: pToken=0x1be8df80) returned 0x0 [0238.863] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8df40 | out: ppvObject=0x1be8df40*=0x1c08acc8) returned 0x0 [0238.864] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1c08acc8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8df70 | out: pCid=0x1be8df70*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.864] WbemLocator:IUnknown:Release (This=0x1c08acc8) returned 0x3 [0238.864] CoGetContextToken (in: pToken=0x1be8df50 | out: pToken=0x1be8df50) returned 0x0 [0238.864] WbemLocator:IUnknown:AddRef (This=0x1c08ade8) returned 0x4 [0238.864] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8e068 | out: ppvObject=0x1be8e068*=0x1c08adb0) returned 0x0 [0238.864] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x4 [0238.864] WbemLocator:IRpcOptions:Query (in: This=0x1c08adb0, pPrx=0x1c08ade8, dwProperty=2, pdwValue=0x1be8e0d8 | out: pdwValue=0x1be8e0d8) returned 0x80004002 [0238.864] WbemLocator:IUnknown:Release (This=0x1c08adb0) returned 0x3 [0238.865] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x2 [0238.865] CoGetContextToken (in: pToken=0x1be8e450 | out: pToken=0x1be8e450) returned 0x0 [0238.865] CoGetContextToken (in: pToken=0x1be8e390 | out: pToken=0x1be8e390) returned 0x0 [0238.865] WbemLocator:IUnknown:AddRef (This=0x1c08ade8) returned 0x3 [0238.865] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x1be8e4d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1be8e4b0 | out: ppvObject=0x1be8e4b0*=0x1aec0090) returned 0x0 [0238.865] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x3 [0238.865] IUnknown:Release (This=0x1aec0090) returned 0x2 [0238.865] IUnknown:Release (This=0x1aec0090) returned 0x1 [0238.865] IUnknown:Release (This=0x1ae83650) returned 0x2 [0238.866] SysStringLen (param_1=0x0) returned 0x0 [0238.903] CoGetContextToken (in: pToken=0x1be8e8d0 | out: pToken=0x1be8e8d0) returned 0x0 [0238.903] CoGetContextToken (in: pToken=0x1be8e810 | out: pToken=0x1be8e810) returned 0x0 [0238.903] WbemLocator:IUnknown:AddRef (This=0x1c08ade8) returned 0x2 [0238.903] WbemLocator:IUnknown:QueryInterface (in: This=0x1c08ade8, riid=0x1be8e950*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1be8e930 | out: ppvObject=0x1be8e930*=0x1aec0090) returned 0x0 [0238.903] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x2 [0238.903] IUnknown:AddRef (This=0x1aec0090) returned 0x3 [0238.903] IEnumWbemClassObject:Reset (This=0x1aec0090) returned 0x0 [0238.904] IUnknown:Release (This=0x1aec0090) returned 0x2 [0238.994] CoTaskMemAlloc (cb=0x8) returned 0x1af2a800 [0238.994] IEnumWbemClassObject:Next (in: This=0x1aec0090, lTimeout=-1, uCount=0x1, apObjects=0x1af2a800, puReturned=0x1be8eb58 | out: apObjects=0x1af2a800*=0x1af5a2e0, puReturned=0x1be8eb58*=0x1) returned 0x0 [0239.012] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8de80 | out: ppvObject=0x1be8de80*=0x1af5a2e0) returned 0x0 [0239.013] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1be8df00 | out: ppvObject=0x1be8df00*=0x0) returned 0x80004002 [0239.013] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1be8dc98 | out: ppvObject=0x1be8dc98*=0x0) returned 0x80004002 [0239.014] IUnknown:AddRef (This=0x1af5a2e0) returned 0x3 [0239.014] CoGetContextToken (in: pToken=0x1be8db50 | out: pToken=0x1be8db50) returned 0x0 [0239.014] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8db10 | out: ppvObject=0x1be8db10*=0x1af5a2e8) returned 0x0 [0239.014] IMarshal:GetUnmarshalClass (in: This=0x1af5a2e8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1be8db40 | out: pCid=0x1be8db40*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0239.014] IUnknown:Release (This=0x1af5a2e8) returned 0x3 [0239.014] CoGetContextToken (in: pToken=0x1be8db20 | out: pToken=0x1be8db20) returned 0x0 [0239.014] IUnknown:AddRef (This=0x1af5a2e0) returned 0x4 [0239.014] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1be8dc38 | out: ppvObject=0x1be8dc38*=0x0) returned 0x80004002 [0239.015] IUnknown:Release (This=0x1af5a2e0) returned 0x3 [0239.015] IUnknown:Release (This=0x1af5a2e0) returned 0x2 [0239.015] CoGetContextToken (in: pToken=0x1be8dfe0 | out: pToken=0x1be8dfe0) returned 0x0 [0239.015] CoGetContextToken (in: pToken=0x1be8df20 | out: pToken=0x1be8df20) returned 0x0 [0239.015] IUnknown:AddRef (This=0x1af5a2e0) returned 0x3 [0239.015] IUnknown:QueryInterface (in: This=0x1af5a2e0, riid=0x1be8e060*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1be8e040 | out: ppvObject=0x1be8e040*=0x1af5a2e0) returned 0x0 [0239.015] IUnknown:Release (This=0x1af5a2e0) returned 0x3 [0239.015] IUnknown:Release (This=0x1af5a2e0) returned 0x2 [0239.016] IUnknown:Release (This=0x1af5a2e0) returned 0x1 [0239.016] CoTaskMemFree (pv=0x1af2a800) [0239.016] CoGetContextToken (in: pToken=0x1be8e960 | out: pToken=0x1be8e960) returned 0x0 [0239.016] IUnknown:AddRef (This=0x1af5a2e0) returned 0x2 [0239.400] IWbemClassObject:Get (in: This=0x1af5a2e0, wszName="__GENUS", lFlags=0, pVal=0x1be8ead0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8eacc*=0, plFlavor=0x1be8eac8*=0 | out: pVal=0x1be8ead0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1be8eacc*=3, plFlavor=0x1be8eac8*=64) returned 0x0 [0239.809] IWbemClassObject:Get (in: This=0x1af5a2e0, wszName="__PATH", lFlags=0, pVal=0x1be8ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8ea6c*=0, plFlavor=0x1be8ea68*=0 | out: pVal=0x1be8ea70*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8ea6c*=8, plFlavor=0x1be8ea68*=64) returned 0x0 [0239.809] IWbemClassObject:Get (in: This=0x1af5a2e0, wszName="__RELPATH", lFlags=0, pVal=0x1be8ea70*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8ea6c*=8, plFlavor=0x1be8ea68*=64 | out: pVal=0x1be8ea70*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8ea6c*=8, plFlavor=0x1be8ea68*=64) returned 0x0 [0239.856] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8eaa0 | out: puCount=0x1be8eaa0*=0x2) returned 0x0 [0239.856] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaa0*=0x0, pszText=0x0 | out: puBuffLength=0x1be8eaa0*=0x19, pszText=0x0) returned 0x0 [0239.856] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8eaa0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8eaa0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.234] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72030, puCount=0x1be8ea70 | out: puCount=0x1be8ea70*=0x2) returned 0x0 [0240.235] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8ea70*=0x0, pszText=0x0 | out: puBuffLength=0x1be8ea70*=0x19, pszText=0x0) returned 0x0 [0240.235] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72030, lFlags=4, puBuffLength=0x1be8ea70*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1be8ea70*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.317] IWbemClassObject:Get (in: This=0x1af5a2e0, wszName="DisplayName", lFlags=0, pVal=0x1be8ea90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8ea8c*=0, plFlavor=0x1be8ea88*=0 | out: pVal=0x1be8ea90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x1be8ea8c*=8, plFlavor=0x1be8ea88*=0) returned 0x0 [0240.318] SysStringLen (param_1="Windows Defender") returned 0x10 [0240.332] IWbemClassObject:Get (in: This=0x1af5a2e0, wszName="DisplayName", lFlags=0, pVal=0x1be8eae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1be8eadc*=8, plFlavor=0x1be8ead8*=0 | out: pVal=0x1be8eae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x1be8eadc*=8, plFlavor=0x1be8ead8*=0) returned 0x0 [0240.332] SysStringLen (param_1="Windows Defender") returned 0x10 [0240.475] CoGetContextToken (in: pToken=0x1be8e860 | out: pToken=0x1be8e860) returned 0x0 [0240.475] WbemLocator:IUnknown:Release (This=0x1c08ade8) returned 0x1 [0240.476] IUnknown:Release (This=0x1aec0090) returned 0x0 [0240.509] SetEvent (hEvent=0x470) returned 1 [0240.509] GetForegroundWindow () returned 0x100d4 [0240.510] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0240.510] EnumProcesses (in: lpidProcess=0x287f890, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x287f890, lpcbNeeded=0x1be8f450) returned 1 [0240.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.523] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.523] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.523] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.526] CoTaskMemFree (pv=0x1c07bf90) [0240.527] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0240.530] GetForegroundWindow () returned 0x10080 [0240.530] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0240.531] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0240.531] CoTaskMemFree (pv=0x1c07b540) [0240.531] GetForegroundWindow () returned 0x10080 [0240.531] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0240.531] EnumProcesses (in: lpidProcess=0x289deb0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x289deb0, lpcbNeeded=0x1be8f450) returned 1 [0240.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.536] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.538] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0240.539] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0240.539] CoTaskMemFree (pv=0x1c07c1a0) [0240.539] GetForegroundWindow () returned 0x10080 [0240.539] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0240.539] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0240.539] CoTaskMemFree (pv=0x1c07b330) [0240.539] GetForegroundWindow () returned 0x10080 [0240.539] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.540] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.540] CoTaskMemFree (pv=0x1c07c3b0) [0240.540] GetForegroundWindow () returned 0x100d4 [0240.540] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0240.540] EnumProcesses (in: lpidProcess=0x28bc620, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28bc620, lpcbNeeded=0x1be8f460) returned 1 [0240.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0240.682] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.685] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0240.685] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.685] CoTaskMemFree (pv=0x1c07c7d0) [0240.686] GetForegroundWindow () returned 0x10080 [0240.686] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0240.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0240.686] CoTaskMemFree (pv=0x1c07b120) [0240.686] GetForegroundWindow () returned 0x10080 [0240.686] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0240.686] EnumProcesses (in: lpidProcess=0x27c8940, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c8940, lpcbNeeded=0x1be8f460) returned 1 [0240.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0240.688] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.688] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.688] CoTaskMemFree (pv=0x1c07c3b0) [0240.688] GetForegroundWindow () returned 0x10080 [0240.688] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.689] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0240.689] CoTaskMemFree (pv=0x1c07bf90) [0240.689] GetForegroundWindow () returned 0x10080 [0240.689] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0240.689] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0240.689] CoTaskMemFree (pv=0x1c07b960) [0240.689] GetForegroundWindow () returned 0x100d4 [0240.689] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0240.690] EnumProcesses (in: lpidProcess=0x27e7840, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e7840, lpcbNeeded=0x1be8f450) returned 1 [0240.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.691] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.691] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0240.691] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b540, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.691] CoTaskMemFree (pv=0x1c07b540) [0240.691] GetForegroundWindow () returned 0x10080 [0240.691] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0240.691] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0240.692] CoTaskMemFree (pv=0x1c07bd80) [0240.692] GetForegroundWindow () returned 0x10080 [0240.692] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0240.692] EnumProcesses (in: lpidProcess=0x2805cb0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2805cb0, lpcbNeeded=0x1be8f450) returned 1 [0240.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.693] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.693] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0240.693] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0240.693] CoTaskMemFree (pv=0x1c07c7d0) [0240.693] GetForegroundWindow () returned 0x10080 [0240.693] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0240.693] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0240.694] CoTaskMemFree (pv=0x1c07c7d0) [0240.694] GetForegroundWindow () returned 0x10080 [0240.694] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.694] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0240.696] CoTaskMemFree (pv=0x1c07c5c0) [0240.696] GetForegroundWindow () returned 0x100d4 [0240.697] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0240.697] EnumProcesses (in: lpidProcess=0x28243c0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28243c0, lpcbNeeded=0x1be8f460) returned 1 [0240.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0240.698] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.698] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.698] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.698] CoTaskMemFree (pv=0x1c07c3b0) [0240.698] GetForegroundWindow () returned 0x10080 [0240.698] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0240.698] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0240.698] CoTaskMemFree (pv=0x1c07b960) [0240.699] GetForegroundWindow () returned 0x10080 [0240.699] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0240.699] EnumProcesses (in: lpidProcess=0x28428a8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28428a8, lpcbNeeded=0x1be8f460) returned 1 [0240.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0240.700] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.700] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.700] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.700] CoTaskMemFree (pv=0x1c07cbf0) [0240.701] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x16c90)) returned 1 [0240.701] GetForegroundWindow () returned 0x10080 [0240.701] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.701] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0240.701] CoTaskMemFree (pv=0x1c07c5c0) [0240.702] GetForegroundWindow () returned 0x10080 [0240.702] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.702] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.702] CoTaskMemFree (pv=0x1c07c3b0) [0240.702] GetForegroundWindow () returned 0x100d4 [0240.702] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0240.702] EnumProcesses (in: lpidProcess=0x2861000, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2861000, lpcbNeeded=0x1be8f450) returned 1 [0240.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.703] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.703] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.703] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.704] CoTaskMemFree (pv=0x1c07cbf0) [0240.704] GetForegroundWindow () returned 0x10080 [0240.704] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0240.704] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0240.704] CoTaskMemFree (pv=0x1c07b960) [0240.704] GetForegroundWindow () returned 0x10080 [0240.704] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0240.704] EnumProcesses (in: lpidProcess=0x287f470, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x287f470, lpcbNeeded=0x1be8f450) returned 1 [0240.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0240.743] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.743] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0240.743] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0240.743] CoTaskMemFree (pv=0x1c07b330) [0240.952] GetForegroundWindow () returned 0x10080 [0240.952] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0240.952] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0240.953] CoTaskMemFree (pv=0x1c07b960) [0241.345] GetForegroundWindow () returned 0x10080 [0241.345] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0241.345] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0241.345] CoTaskMemFree (pv=0x1c07bd80) [0241.346] GetForegroundWindow () returned 0x100d4 [0241.346] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0241.346] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.346] CoTaskMemFree (pv=0x1c07c9e0) [0241.346] GetForegroundWindow () returned 0x10080 [0241.346] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0241.346] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0241.346] CoTaskMemFree (pv=0x1c07b540) [0241.347] GetForegroundWindow () returned 0x10080 [0241.347] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0241.347] EnumProcesses (in: lpidProcess=0x27c5d78, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c5d78, lpcbNeeded=0x1be8f460) returned 1 [0241.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0241.350] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.350] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0241.350] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0241.350] CoTaskMemFree (pv=0x1c07c1a0) [0241.351] GetForegroundWindow () returned 0x10080 [0241.351] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0241.351] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0241.351] CoTaskMemFree (pv=0x1c07ce00) [0241.351] GetForegroundWindow () returned 0x10080 [0241.351] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0241.351] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0241.352] CoTaskMemFree (pv=0x1c07c7d0) [0241.352] GetForegroundWindow () returned 0x100d4 [0241.352] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0241.352] EnumProcesses (in: lpidProcess=0x27e4c20, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e4c20, lpcbNeeded=0x1be8f450) returned 1 [0241.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0241.353] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.353] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0241.354] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.354] CoTaskMemFree (pv=0x1c07bf90) [0241.354] GetForegroundWindow () returned 0x10080 [0241.354] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0241.354] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0241.354] CoTaskMemFree (pv=0x1c07bd80) [0241.355] GetForegroundWindow () returned 0x10080 [0241.355] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0241.355] EnumProcesses (in: lpidProcess=0x2803090, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2803090, lpcbNeeded=0x1be8f450) returned 1 [0241.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0241.356] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.356] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0241.356] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0241.356] CoTaskMemFree (pv=0x1c07c1a0) [0241.357] GetForegroundWindow () returned 0x10080 [0241.429] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.429] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.429] CoTaskMemFree (pv=0x1c07c3b0) [0241.430] GetForegroundWindow () returned 0x10080 [0241.430] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0241.430] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0241.430] CoTaskMemFree (pv=0x1c07b540) [0241.431] GetForegroundWindow () returned 0x100d4 [0241.431] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0241.431] EnumProcesses (in: lpidProcess=0x2821818, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2821818, lpcbNeeded=0x1be8f460) returned 1 [0241.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0241.433] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.433] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0241.433] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.433] CoTaskMemFree (pv=0x1c07c7d0) [0241.433] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x16f3f)) returned 1 [0241.434] GetForegroundWindow () returned 0x10080 [0241.434] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.434] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.434] CoTaskMemFree (pv=0x1c07c3b0) [0241.434] GetForegroundWindow () returned 0x10080 [0241.435] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0241.435] EnumProcesses (in: lpidProcess=0x283fcd0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x283fcd0, lpcbNeeded=0x1be8f460) returned 1 [0241.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0241.436] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.436] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0241.436] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0241.436] CoTaskMemFree (pv=0x1c07bd80) [0241.437] GetForegroundWindow () returned 0x10080 [0241.437] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0241.437] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0241.437] CoTaskMemFree (pv=0x1c07b120) [0241.530] GetForegroundWindow () returned 0x10080 [0241.530] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.530] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.530] CoTaskMemFree (pv=0x1c07c3b0) [0241.532] GetForegroundWindow () returned 0x100d4 [0241.532] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0241.532] EnumProcesses (in: lpidProcess=0x289ac20, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x289ac20, lpcbNeeded=0x1be8f450) returned 1 [0241.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0241.534] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.534] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0241.534] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.534] CoTaskMemFree (pv=0x1c07ce00) [0241.655] GetForegroundWindow () returned 0x10080 [0241.655] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0241.655] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0241.655] CoTaskMemFree (pv=0x1c07bf90) [0241.658] GetForegroundWindow () returned 0x10080 [0241.658] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0241.658] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0241.658] CoTaskMemFree (pv=0x1c07b960) [0241.852] GetForegroundWindow () returned 0x10080 [0241.856] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0241.856] EnumProcesses (in: lpidProcess=0x28f6288, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28f6288, lpcbNeeded=0x1be8f460) returned 1 [0241.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0241.858] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.858] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.858] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.859] CoTaskMemFree (pv=0x1c07c3b0) [0241.861] GetForegroundWindow () returned 0x10080 [0241.861] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0241.861] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0241.861] CoTaskMemFree (pv=0x1c07bb70) [0241.985] GetForegroundWindow () returned 0x100d4 [0241.985] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0241.985] EnumProcesses (in: lpidProcess=0x2914cc0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2914cc0, lpcbNeeded=0x1be8f460) returned 1 [0241.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12861048, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0241.987] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.987] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0241.987] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b330, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.987] CoTaskMemFree (pv=0x1c07b330) [0241.988] GetForegroundWindow () returned 0x10080 [0241.988] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0241.988] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0241.988] CoTaskMemFree (pv=0x1c07bd80) [0242.110] GetForegroundWindow () returned 0x10080 [0242.111] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0242.111] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0242.111] CoTaskMemFree (pv=0x1c07c9e0) [0242.113] GetForegroundWindow () returned 0x10080 [0242.113] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0242.114] EnumProcesses (in: lpidProcess=0x296f750, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x296f750, lpcbNeeded=0x1be8f450) returned 1 [0242.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0242.119] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.119] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0242.120] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0242.120] CoTaskMemFree (pv=0x1c07b540) [0242.282] GetForegroundWindow () returned 0x10080 [0242.282] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0242.282] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0242.283] CoTaskMemFree (pv=0x1c07b120) [0242.284] GetForegroundWindow () returned 0x100d4 [0242.284] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0242.284] EnumProcesses (in: lpidProcess=0x298e110, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x298e110, lpcbNeeded=0x1be8f450) returned 1 [0242.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0242.299] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0242.299] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0242.299] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0242.299] CoTaskMemFree (pv=0x1c07c7d0) [0242.482] GetForegroundWindow () returned 0x10080 [0242.483] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0242.483] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0242.483] CoTaskMemFree (pv=0x1c07c3b0) [0242.484] GetForegroundWindow () returned 0x10080 [0242.485] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0242.485] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0242.485] CoTaskMemFree (pv=0x1c07b120) [0242.608] GetForegroundWindow () returned 0x10080 [0242.608] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0242.608] EnumProcesses (in: lpidProcess=0x2801518, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2801518, lpcbNeeded=0x1be8f460) returned 1 [0242.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0242.620] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.620] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0242.620] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0242.620] CoTaskMemFree (pv=0x1c07c3b0) [0242.622] GetForegroundWindow () returned 0x10080 [0242.623] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0242.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0242.623] CoTaskMemFree (pv=0x1c07b540) [0242.762] GetForegroundWindow () returned 0x100d4 [0242.762] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0242.762] EnumProcesses (in: lpidProcess=0x281fe48, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281fe48, lpcbNeeded=0x1be8f460) returned 1 [0242.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0242.766] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0242.767] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0242.767] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0242.767] CoTaskMemFree (pv=0x1c07cbf0) [0242.768] GetForegroundWindow () returned 0x10080 [0242.768] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0242.768] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0242.768] CoTaskMemFree (pv=0x1c07c9e0) [0242.933] GetForegroundWindow () returned 0x10080 [0242.933] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0242.933] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0242.933] CoTaskMemFree (pv=0x1c07b330) [0242.934] GetForegroundWindow () returned 0x10080 [0242.934] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0242.934] EnumProcesses (in: lpidProcess=0x287a728, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x287a728, lpcbNeeded=0x1be8f450) returned 1 [0242.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0242.938] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.939] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0242.939] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0242.939] CoTaskMemFree (pv=0x1c07cbf0) [0243.097] GetForegroundWindow () returned 0x10080 [0243.097] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0243.097] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0243.097] CoTaskMemFree (pv=0x1c07b960) [0243.099] GetForegroundWindow () returned 0x100d4 [0243.099] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0243.099] EnumProcesses (in: lpidProcess=0x2899118, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2899118, lpcbNeeded=0x1be8f450) returned 1 [0243.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0243.114] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0243.114] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0243.114] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0243.114] CoTaskMemFree (pv=0x1c07c7d0) [0243.358] GetForegroundWindow () returned 0x10080 [0243.358] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0243.358] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0243.358] CoTaskMemFree (pv=0x1c07cbf0) [0243.360] GetForegroundWindow () returned 0x10080 [0243.360] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0243.360] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0243.360] CoTaskMemFree (pv=0x1c07c3b0) [0243.483] GetForegroundWindow () returned 0x10080 [0243.483] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0243.483] EnumProcesses (in: lpidProcess=0x2801370, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2801370, lpcbNeeded=0x1be8f460) returned 1 [0243.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0243.485] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0243.485] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0243.485] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0243.485] CoTaskMemFree (pv=0x1c07c1a0) [0243.487] GetForegroundWindow () returned 0x10080 [0243.487] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0243.487] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0243.487] CoTaskMemFree (pv=0x1c07c9e0) [0243.655] GetForegroundWindow () returned 0x100d4 [0243.655] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0243.655] EnumProcesses (in: lpidProcess=0x281fca0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281fca0, lpcbNeeded=0x1be8f460) returned 1 [0243.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xf968) returned 0x0 [0243.657] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0243.657] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0243.657] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0243.657] CoTaskMemFree (pv=0x1c07c5c0) [0243.659] GetForegroundWindow () returned 0x10080 [0243.659] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0243.659] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0243.659] CoTaskMemFree (pv=0x1c07bd80) [0243.788] GetForegroundWindow () returned 0x10080 [0243.788] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0243.788] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0243.789] CoTaskMemFree (pv=0x1c07c7d0) [0243.790] GetForegroundWindow () returned 0x10080 [0243.790] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0243.790] EnumProcesses (in: lpidProcess=0x287a3d0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x287a3d0, lpcbNeeded=0x1be8f450) returned 1 [0243.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xf968) returned 0x0 [0243.792] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0243.792] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0243.792] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0243.792] CoTaskMemFree (pv=0x1c07b960) [0244.686] GetForegroundWindow () returned 0x10080 [0244.686] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0244.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0244.686] CoTaskMemFree (pv=0x1c07bf90) [0244.688] GetForegroundWindow () returned 0x100d4 [0244.688] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0244.688] EnumProcesses (in: lpidProcess=0x2898ce8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2898ce8, lpcbNeeded=0x1be8f450) returned 1 [0244.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0244.693] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0244.694] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0244.694] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0244.695] CoTaskMemFree (pv=0x1c07bb70) [0244.879] GetForegroundWindow () returned 0x10080 [0244.879] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0244.880] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0244.880] CoTaskMemFree (pv=0x1c07bb70) [0244.882] GetForegroundWindow () returned 0x10080 [0244.882] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0244.882] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0244.882] CoTaskMemFree (pv=0x1c07b960) [0245.067] GetForegroundWindow () returned 0x10080 [0245.067] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0245.068] EnumProcesses (in: lpidProcess=0x28f3b28, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28f3b28, lpcbNeeded=0x1be8f460) returned 1 [0245.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf8c8) returned 0x0 [0245.070] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.070] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0245.070] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0245.070] CoTaskMemFree (pv=0x1c07b120) [0245.072] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x16f3f)) returned 1 [0245.073] GetForegroundWindow () returned 0x10080 [0245.073] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0245.073] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0245.073] CoTaskMemFree (pv=0x1c07bb70) [0245.205] GetForegroundWindow () returned 0x100d4 [0245.205] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0245.205] EnumProcesses (in: lpidProcess=0x29122f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x29122f0, lpcbNeeded=0x1be8f460) returned 1 [0245.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12861048, ResultLength=0x1be8f400*=0xf8c8) returned 0x0 [0245.207] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.207] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0245.207] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.207] CoTaskMemFree (pv=0x1c07c7d0) [0245.209] GetForegroundWindow () returned 0x10080 [0245.209] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0245.209] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0245.209] CoTaskMemFree (pv=0x1c07bf90) [0245.345] GetForegroundWindow () returned 0x10080 [0245.345] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.345] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0245.345] CoTaskMemFree (pv=0x1c07b960) [0245.347] GetForegroundWindow () returned 0x10080 [0245.347] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0245.347] EnumProcesses (in: lpidProcess=0x296c938, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x296c938, lpcbNeeded=0x1be8f450) returned 1 [0245.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xf8c8) returned 0x0 [0245.348] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.349] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.349] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0245.349] CoTaskMemFree (pv=0x1c07b960) [0245.470] GetForegroundWindow () returned 0x10080 [0245.470] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.470] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0245.470] CoTaskMemFree (pv=0x1c07b960) [0245.472] GetForegroundWindow () returned 0x100d4 [0245.472] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0245.472] EnumProcesses (in: lpidProcess=0x298b0b8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x298b0b8, lpcbNeeded=0x1be8f450) returned 1 [0245.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf8c8) returned 0x0 [0245.485] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.485] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0245.485] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.487] CoTaskMemFree (pv=0x1c07c3b0) [0245.612] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0245.614] GetForegroundWindow () returned 0x10080 [0245.615] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0245.615] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0245.615] CoTaskMemFree (pv=0x1c07bd80) [0245.615] GetForegroundWindow () returned 0x10080 [0245.615] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0245.616] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0245.616] CoTaskMemFree (pv=0x1c07ce00) [0245.740] GetForegroundWindow () returned 0x10080 [0245.740] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0245.740] EnumProcesses (in: lpidProcess=0x27fe7c0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fe7c0, lpcbNeeded=0x1be8f460) returned 1 [0245.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0245.753] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.753] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0245.753] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0245.753] CoTaskMemFree (pv=0x1c07cbf0) [0245.755] GetForegroundWindow () returned 0x10080 [0245.755] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0245.755] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0245.755] CoTaskMemFree (pv=0x1c07bf90) [0245.876] GetForegroundWindow () returned 0x100d4 [0245.877] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0245.877] EnumProcesses (in: lpidProcess=0x281d180, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281d180, lpcbNeeded=0x1be8f460) returned 1 [0245.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f400*=0xfa08) returned 0x0 [0245.881] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.882] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.882] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b960, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.882] CoTaskMemFree (pv=0x1c07b960) [0245.885] GetForegroundWindow () returned 0x10080 [0245.885] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.885] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0245.885] CoTaskMemFree (pv=0x1c07b960) [0246.017] GetForegroundWindow () returned 0x10080 [0246.017] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0246.017] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0246.017] CoTaskMemFree (pv=0x1c07b540) [0246.019] GetForegroundWindow () returned 0x10080 [0246.019] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0246.019] EnumProcesses (in: lpidProcess=0x2877c10, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2877c10, lpcbNeeded=0x1be8f450) returned 1 [0246.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0246.024] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.025] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0246.025] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0246.025] CoTaskMemFree (pv=0x1c07c7d0) [0246.142] GetForegroundWindow () returned 0x10080 [0246.142] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0246.142] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0246.143] CoTaskMemFree (pv=0x1c07c1a0) [0246.144] GetForegroundWindow () returned 0x100d4 [0246.145] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0246.145] EnumProcesses (in: lpidProcess=0x28965d0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28965d0, lpcbNeeded=0x1be8f450) returned 1 [0246.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xfa08) returned 0x0 [0246.164] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.164] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0246.164] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.165] CoTaskMemFree (pv=0x1c07bb70) [0246.283] GetForegroundWindow () returned 0x10080 [0246.283] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0246.283] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0246.283] CoTaskMemFree (pv=0x1c07b960) [0246.284] GetForegroundWindow () returned 0x10080 [0246.285] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0246.285] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0246.285] CoTaskMemFree (pv=0x1c07c5c0) [0246.408] GetForegroundWindow () returned 0x10080 [0246.408] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0246.408] EnumProcesses (in: lpidProcess=0x2801200, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2801200, lpcbNeeded=0x1be8f460) returned 1 [0246.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0246.410] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.410] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0246.410] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0246.410] CoTaskMemFree (pv=0x1c07ce00) [0246.412] GetForegroundWindow () returned 0x10080 [0246.412] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0246.412] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0246.412] CoTaskMemFree (pv=0x1c07bb70) [0246.533] GetForegroundWindow () returned 0x100d4 [0246.533] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0246.533] EnumProcesses (in: lpidProcess=0x281fa90, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281fa90, lpcbNeeded=0x1be8f460) returned 1 [0246.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0246.535] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.535] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0246.535] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b120, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.535] CoTaskMemFree (pv=0x1c07b120) [0246.537] GetForegroundWindow () returned 0x10080 [0246.537] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0246.537] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0246.537] CoTaskMemFree (pv=0x1c07b960) [0246.734] GetForegroundWindow () returned 0x10080 [0246.734] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0246.734] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0246.735] CoTaskMemFree (pv=0x1c07c1a0) [0246.736] GetForegroundWindow () returned 0x10080 [0246.736] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0246.736] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0246.736] CoTaskMemFree (pv=0x1c07b960) [0246.853] GetForegroundWindow () returned 0x10080 [0246.853] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0246.853] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0246.853] CoTaskMemFree (pv=0x1c07b330) [0246.855] GetForegroundWindow () returned 0x100d4 [0246.855] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0246.855] EnumProcesses (in: lpidProcess=0x2898ff8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2898ff8, lpcbNeeded=0x1be8f450) returned 1 [0246.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0246.858] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.858] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0246.858] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.859] CoTaskMemFree (pv=0x1c07ce00) [0247.001] GetForegroundWindow () returned 0x10080 [0247.001] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0247.002] EnumProcesses (in: lpidProcess=0x28f3198, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28f3198, lpcbNeeded=0x1be8f460) returned 1 [0247.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0247.004] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.004] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0247.004] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0247.004] CoTaskMemFree (pv=0x1c07b330) [0247.005] GetForegroundWindow () returned 0x10080 [0247.006] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0247.006] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0247.006] CoTaskMemFree (pv=0x1c07b330) [0247.133] GetForegroundWindow () returned 0x10080 [0247.133] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0247.133] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0247.134] CoTaskMemFree (pv=0x1c07ce00) [0247.135] GetForegroundWindow () returned 0x10080 [0247.135] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0247.135] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0247.135] CoTaskMemFree (pv=0x1c07b960) [0247.260] GetForegroundWindow () returned 0x100d4 [0247.260] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0247.260] EnumProcesses (in: lpidProcess=0x2930310, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2930310, lpcbNeeded=0x1be8f460) returned 1 [0247.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0247.263] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.263] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0247.264] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.264] CoTaskMemFree (pv=0x1c07bd80) [0247.266] GetForegroundWindow () returned 0x10080 [0247.276] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0247.277] EnumProcesses (in: lpidProcess=0x294e3a0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x294e3a0, lpcbNeeded=0x1be8f450) returned 1 [0247.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0247.279] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.279] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0247.279] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0247.280] CoTaskMemFree (pv=0x1c07c9e0) [0247.399] GetForegroundWindow () returned 0x10080 [0247.399] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0247.399] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0247.399] CoTaskMemFree (pv=0x1c07bb70) [0247.401] GetForegroundWindow () returned 0x10080 [0247.401] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0247.401] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0247.401] CoTaskMemFree (pv=0x1c07bb70) [0247.524] GetForegroundWindow () returned 0x10080 [0247.525] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0247.525] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0247.525] CoTaskMemFree (pv=0x1c07b330) [0247.526] GetForegroundWindow () returned 0x100d4 [0247.527] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0247.527] EnumProcesses (in: lpidProcess=0x298b4c0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x298b4c0, lpcbNeeded=0x1be8f450) returned 1 [0247.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0247.548] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.548] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0247.548] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.548] CoTaskMemFree (pv=0x1c07c1a0) [0247.727] GetForegroundWindow () returned 0x10080 [0247.728] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0247.728] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0247.728] CoTaskMemFree (pv=0x1c07c1a0) [0247.729] GetForegroundWindow () returned 0x10080 [0247.730] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0247.730] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0247.730] CoTaskMemFree (pv=0x1c07cbf0) [0247.852] GetForegroundWindow () returned 0x10080 [0247.852] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0247.853] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0247.853] CoTaskMemFree (pv=0x1c07b540) [0247.854] GetForegroundWindow () returned 0x10080 [0247.854] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0247.854] EnumProcesses (in: lpidProcess=0x283b090, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283b090, lpcbNeeded=0x1be8f450) returned 1 [0247.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0247.859] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.859] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0247.859] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0247.860] CoTaskMemFree (pv=0x1c07bf90) [0247.978] GetForegroundWindow () returned 0x100d4 [0247.979] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0247.979] EnumProcesses (in: lpidProcess=0x2859670, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2859670, lpcbNeeded=0x1be8f460) returned 1 [0247.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0247.983] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.983] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0247.983] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.983] CoTaskMemFree (pv=0x1c07cbf0) [0247.985] GetForegroundWindow () returned 0x10080 [0247.985] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0247.985] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0247.985] CoTaskMemFree (pv=0x1c07bf90) [0248.104] GetForegroundWindow () returned 0x10080 [0248.104] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.104] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.104] CoTaskMemFree (pv=0x1c07b960) [0248.106] GetForegroundWindow () returned 0x10080 [0248.106] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0248.106] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0248.106] CoTaskMemFree (pv=0x1c07c1a0) [0248.284] GetForegroundWindow () returned 0x10080 [0248.284] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0248.284] EnumProcesses (in: lpidProcess=0x27c40a0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c40a0, lpcbNeeded=0x1be8f460) returned 1 [0248.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0248.286] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.286] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0248.286] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0248.287] CoTaskMemFree (pv=0x1c07c3b0) [0248.288] GetForegroundWindow () returned 0x100d4 [0248.289] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0248.289] EnumProcesses (in: lpidProcess=0x27e28d0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e28d0, lpcbNeeded=0x1be8f450) returned 1 [0248.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0248.291] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.291] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0248.291] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.291] CoTaskMemFree (pv=0x1c07bd80) [0248.415] GetForegroundWindow () returned 0x10080 [0248.415] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0248.415] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0248.415] CoTaskMemFree (pv=0x1c07c1a0) [0248.416] GetForegroundWindow () returned 0x10080 [0248.416] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0248.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0248.416] CoTaskMemFree (pv=0x1c07b330) [0248.541] GetForegroundWindow () returned 0x10080 [0248.541] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0248.541] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0248.541] CoTaskMemFree (pv=0x1c07c5c0) [0248.543] GetForegroundWindow () returned 0x10080 [0248.543] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0248.544] EnumProcesses (in: lpidProcess=0x283d7e0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283d7e0, lpcbNeeded=0x1be8f450) returned 1 [0248.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0248.546] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.546] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0248.546] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0248.547] CoTaskMemFree (pv=0x1c07b120) [0248.666] GetForegroundWindow () returned 0x100d4 [0248.666] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0248.666] EnumProcesses (in: lpidProcess=0x285be38, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x285be38, lpcbNeeded=0x1be8f460) returned 1 [0248.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0248.668] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.668] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0248.668] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.668] CoTaskMemFree (pv=0x1c07c7d0) [0248.669] GetForegroundWindow () returned 0x10080 [0248.669] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0248.669] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0248.670] CoTaskMemFree (pv=0x1c07bf90) [0248.790] GetForegroundWindow () returned 0x10080 [0248.790] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0248.790] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0248.790] CoTaskMemFree (pv=0x1c07b330) [0248.792] GetForegroundWindow () returned 0x10080 [0248.792] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.792] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.792] CoTaskMemFree (pv=0x1c07b960) [0248.922] GetForegroundWindow () returned 0x10080 [0248.922] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0248.923] EnumProcesses (in: lpidProcess=0x28b6d48, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28b6d48, lpcbNeeded=0x1be8f460) returned 1 [0248.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0248.925] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.925] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0248.925] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0248.925] CoTaskMemFree (pv=0x1c07c9e0) [0248.926] GetForegroundWindow () returned 0x100d4 [0248.927] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0248.927] EnumProcesses (in: lpidProcess=0x28d4dc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28d4dc8, lpcbNeeded=0x1be8f450) returned 1 [0248.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf9b8) returned 0x0 [0248.928] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.928] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0248.928] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.929] CoTaskMemFree (pv=0x1c07ce00) [0249.056] GetForegroundWindow () returned 0x10080 [0249.057] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0249.057] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0249.057] CoTaskMemFree (pv=0x1c07c9e0) [0249.059] GetForegroundWindow () returned 0x10080 [0249.059] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0249.059] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0249.059] CoTaskMemFree (pv=0x1c07c5c0) [0249.118] GetForegroundWindow () returned 0x10080 [0249.118] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0249.118] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0249.118] CoTaskMemFree (pv=0x1c07b960) [0249.119] GetForegroundWindow () returned 0x10080 [0249.119] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0249.120] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0249.120] CoTaskMemFree (pv=0x1c07c3b0) [0249.246] GetForegroundWindow () returned 0x100d4 [0249.246] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0249.246] EnumProcesses (in: lpidProcess=0x292fd90, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x292fd90, lpcbNeeded=0x1be8f460) returned 1 [0249.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf8c8) returned 0x0 [0249.248] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.248] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0249.248] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.248] CoTaskMemFree (pv=0x1c07cbf0) [0249.250] GetForegroundWindow () returned 0x10080 [0249.250] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0249.250] EnumProcesses (in: lpidProcess=0x294dc70, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x294dc70, lpcbNeeded=0x1be8f450) returned 1 [0249.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf8c8) returned 0x0 [0249.252] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0249.252] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0249.252] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0249.252] CoTaskMemFree (pv=0x1c07b540) [0249.368] GetForegroundWindow () returned 0x10080 [0249.368] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0249.368] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0249.369] CoTaskMemFree (pv=0x1c07c1a0) [0249.370] GetForegroundWindow () returned 0x10080 [0249.370] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0249.370] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0249.370] CoTaskMemFree (pv=0x1c07b540) [0249.508] GetForegroundWindow () returned 0x10080 [0249.509] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0249.509] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0249.509] CoTaskMemFree (pv=0x1c07c5c0) [0249.510] GetForegroundWindow () returned 0x100d4 [0249.511] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0249.511] EnumProcesses (in: lpidProcess=0x298aa30, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x298aa30, lpcbNeeded=0x1be8f450) returned 1 [0249.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf8c8) returned 0x0 [0249.521] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.521] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0249.521] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.521] CoTaskMemFree (pv=0x1c07bf90) [0249.681] GetForegroundWindow () returned 0x10080 [0249.682] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0249.682] EnumProcesses (in: lpidProcess=0x27fd390, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fd390, lpcbNeeded=0x1be8f460) returned 1 [0249.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf8c8) returned 0x0 [0249.685] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0249.685] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0249.685] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0249.685] CoTaskMemFree (pv=0x1c07b960) [0249.686] GetForegroundWindow () returned 0x10080 [0249.686] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0249.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0249.686] CoTaskMemFree (pv=0x1c07c1a0) [0249.805] GetForegroundWindow () returned 0x10080 [0249.805] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0249.805] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0249.806] CoTaskMemFree (pv=0x1c07cbf0) [0249.807] GetForegroundWindow () returned 0x10080 [0249.807] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0249.807] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0249.807] CoTaskMemFree (pv=0x1c07bf90) [0249.930] GetForegroundWindow () returned 0x100d4 [0249.930] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0249.931] EnumProcesses (in: lpidProcess=0x283a7d8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x283a7d8, lpcbNeeded=0x1be8f460) returned 1 [0249.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf878) returned 0x0 [0249.937] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.937] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0249.937] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.937] CoTaskMemFree (pv=0x1c07bf90) [0249.939] GetForegroundWindow () returned 0x10080 [0249.939] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0249.939] EnumProcesses (in: lpidProcess=0x2858628, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2858628, lpcbNeeded=0x1be8f450) returned 1 [0249.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xf878) returned 0x0 [0249.944] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0249.944] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0249.944] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0249.944] CoTaskMemFree (pv=0x1c07c3b0) [0250.102] GetForegroundWindow () returned 0x10080 [0250.102] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0250.102] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0250.103] CoTaskMemFree (pv=0x1c07b330) [0250.104] GetForegroundWindow () returned 0x10080 [0250.104] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0250.104] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0250.105] CoTaskMemFree (pv=0x1c07c7d0) [0250.445] GetForegroundWindow () returned 0x10080 [0250.445] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0250.445] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0250.446] CoTaskMemFree (pv=0x1c07b120) [0250.447] GetForegroundWindow () returned 0x100d4 [0250.447] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0250.448] EnumProcesses (in: lpidProcess=0x2895540, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2895540, lpcbNeeded=0x1be8f450) returned 1 [0250.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf878) returned 0x0 [0250.479] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0250.479] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0250.479] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b540, nMaxCount=256 | out: lpString="FolderView") returned 10 [0250.479] CoTaskMemFree (pv=0x1c07b540) [0250.607] GetForegroundWindow () returned 0x10080 [0250.607] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0250.607] EnumProcesses (in: lpidProcess=0x27ffb58, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ffb58, lpcbNeeded=0x1be8f460) returned 1 [0250.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf878) returned 0x0 [0250.608] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0250.609] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0250.609] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0250.609] CoTaskMemFree (pv=0x1c07cbf0) [0250.610] GetForegroundWindow () returned 0x10080 [0250.610] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0250.610] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0250.611] CoTaskMemFree (pv=0x1c07bb70) [0250.713] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0250.816] GetForegroundWindow () returned 0x10080 [0250.816] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0250.816] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0250.816] CoTaskMemFree (pv=0x1c07b120) [0250.818] GetForegroundWindow () returned 0x10080 [0250.818] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0250.818] EnumProcesses (in: lpidProcess=0x283c690, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283c690, lpcbNeeded=0x1be8f450) returned 1 [0250.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf828) returned 0x0 [0250.820] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0250.823] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0250.823] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0250.823] CoTaskMemFree (pv=0x1c07ce00) [0250.950] GetForegroundWindow () returned 0x100d4 [0250.950] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0250.950] EnumProcesses (in: lpidProcess=0x285a9a0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x285a9a0, lpcbNeeded=0x1be8f460) returned 1 [0250.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f400*=0xf828) returned 0x0 [0250.952] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0250.952] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0250.952] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0250.952] CoTaskMemFree (pv=0x1c07c5c0) [0250.956] GetForegroundWindow () returned 0x10080 [0250.956] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0250.956] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0250.956] CoTaskMemFree (pv=0x1c07bd80) [0251.076] GetForegroundWindow () returned 0x10080 [0251.076] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0251.076] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0251.076] CoTaskMemFree (pv=0x1c07bb70) [0251.078] GetForegroundWindow () returned 0x10080 [0251.078] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0251.078] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0251.079] CoTaskMemFree (pv=0x1c07cbf0) [0251.139] GetForegroundWindow () returned 0x10080 [0251.140] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0251.140] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0251.140] CoTaskMemFree (pv=0x1c07cbf0) [0251.141] GetForegroundWindow () returned 0x100d4 [0251.142] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0251.142] EnumProcesses (in: lpidProcess=0x28972c8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28972c8, lpcbNeeded=0x1be8f450) returned 1 [0251.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf828) returned 0x0 [0251.143] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.143] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0251.143] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.144] CoTaskMemFree (pv=0x1c07cbf0) [0251.291] GetForegroundWindow () returned 0x10080 [0251.292] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0251.292] EnumProcesses (in: lpidProcess=0x28f0bf8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28f0bf8, lpcbNeeded=0x1be8f460) returned 1 [0251.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf828) returned 0x0 [0251.294] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.294] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0251.294] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0251.294] CoTaskMemFree (pv=0x1c07bb70) [0251.296] GetForegroundWindow () returned 0x10080 [0251.296] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0251.296] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0251.296] CoTaskMemFree (pv=0x1c07bd80) [0251.419] GetForegroundWindow () returned 0x10080 [0251.419] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0251.419] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0251.420] CoTaskMemFree (pv=0x1c07c3b0) [0251.421] GetForegroundWindow () returned 0x10080 [0251.421] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0251.421] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0251.422] CoTaskMemFree (pv=0x1c07c7d0) [0251.544] GetForegroundWindow () returned 0x100d4 [0251.544] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0251.544] EnumProcesses (in: lpidProcess=0x292d6f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x292d6f8, lpcbNeeded=0x1be8f460) returned 1 [0251.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf788) returned 0x0 [0251.546] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.546] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0251.546] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.546] CoTaskMemFree (pv=0x1c07bf90) [0251.548] GetForegroundWindow () returned 0x10080 [0251.548] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0251.548] EnumProcesses (in: lpidProcess=0x294b398, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x294b398, lpcbNeeded=0x1be8f450) returned 1 [0251.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf788) returned 0x0 [0251.549] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.549] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0251.549] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0251.550] CoTaskMemFree (pv=0x1c07c1a0) [0251.669] GetForegroundWindow () returned 0x10080 [0251.669] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0251.669] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0251.669] CoTaskMemFree (pv=0x1c07c3b0) [0251.670] GetForegroundWindow () returned 0x10080 [0251.671] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0251.671] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0251.671] CoTaskMemFree (pv=0x1c07c5c0) [0251.731] GetForegroundWindow () returned 0x10080 [0251.731] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0251.731] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0251.731] CoTaskMemFree (pv=0x1c07b330) [0251.733] GetForegroundWindow () returned 0x100d4 [0251.733] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0251.733] EnumProcesses (in: lpidProcess=0x29877f0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29877f0, lpcbNeeded=0x1be8f450) returned 1 [0251.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf788) returned 0x0 [0251.734] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.734] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0251.735] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.735] CoTaskMemFree (pv=0x1c07bb70) [0251.872] GetForegroundWindow () returned 0x10080 [0251.872] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0251.872] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0251.872] CoTaskMemFree (pv=0x1c07c5c0) [0251.873] GetForegroundWindow () returned 0x10080 [0251.873] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0251.873] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0251.874] CoTaskMemFree (pv=0x1c07b330) [0252.090] GetForegroundWindow () returned 0x10080 [0252.090] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0252.091] EnumProcesses (in: lpidProcess=0x27f0cc8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27f0cc8, lpcbNeeded=0x1be8f460) returned 1 [0252.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf788) returned 0x0 [0252.096] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.096] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0252.096] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0252.096] CoTaskMemFree (pv=0x1c07ce00) [0252.097] GetForegroundWindow () returned 0x10080 [0252.097] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0252.097] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0252.097] CoTaskMemFree (pv=0x1c07c3b0) [0252.236] GetForegroundWindow () returned 0x100d4 [0252.236] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0252.237] EnumProcesses (in: lpidProcess=0x280f168, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x280f168, lpcbNeeded=0x1be8f460) returned 1 [0252.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f400*=0xf788) returned 0x0 [0252.241] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.242] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0252.242] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.242] CoTaskMemFree (pv=0x1c07cbf0) [0252.243] GetForegroundWindow () returned 0x10080 [0252.243] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0252.243] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0252.244] CoTaskMemFree (pv=0x1c07ce00) [0252.387] GetForegroundWindow () returned 0x10080 [0252.387] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0252.388] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0252.388] CoTaskMemFree (pv=0x1c07cbf0) [0252.389] GetForegroundWindow () returned 0x10080 [0252.389] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0252.389] EnumProcesses (in: lpidProcess=0x2868c98, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2868c98, lpcbNeeded=0x1be8f450) returned 1 [0252.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xf788) returned 0x0 [0252.394] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.394] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0252.394] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0252.394] CoTaskMemFree (pv=0x1c07b540) [0252.513] GetForegroundWindow () returned 0x10080 [0252.513] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0252.513] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0252.513] CoTaskMemFree (pv=0x1c07c3b0) [0252.514] GetForegroundWindow () returned 0x100d4 [0252.514] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0252.514] EnumProcesses (in: lpidProcess=0x2887138, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2887138, lpcbNeeded=0x1be8f450) returned 1 [0252.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf788) returned 0x0 [0252.530] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.530] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0252.531] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.531] CoTaskMemFree (pv=0x1c07cbf0) [0252.656] GetForegroundWindow () returned 0x10080 [0252.656] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0252.656] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0252.656] CoTaskMemFree (pv=0x1c07bd80) [0252.658] GetForegroundWindow () returned 0x10080 [0252.658] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0252.658] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0252.658] CoTaskMemFree (pv=0x1c07b330) [0252.778] GetForegroundWindow () returned 0x10080 [0252.778] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0252.778] EnumProcesses (in: lpidProcess=0x27ff330, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ff330, lpcbNeeded=0x1be8f460) returned 1 [0252.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf738) returned 0x0 [0252.780] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.780] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0252.780] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0252.781] CoTaskMemFree (pv=0x1c07c3b0) [0252.782] GetForegroundWindow () returned 0x10080 [0252.782] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0252.782] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0252.782] CoTaskMemFree (pv=0x1c07b540) [0252.903] GetForegroundWindow () returned 0x100d4 [0252.903] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0252.903] EnumProcesses (in: lpidProcess=0x281d740, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281d740, lpcbNeeded=0x1be8f460) returned 1 [0252.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xf738) returned 0x0 [0252.905] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.905] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0252.905] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.905] CoTaskMemFree (pv=0x1c07c5c0) [0252.907] GetForegroundWindow () returned 0x10080 [0252.907] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0252.907] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0252.907] CoTaskMemFree (pv=0x1c07ce00) [0253.045] GetForegroundWindow () returned 0x10080 [0253.048] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0253.048] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0253.048] CoTaskMemFree (pv=0x1c07bd80) [0253.050] GetForegroundWindow () returned 0x10080 [0253.050] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0253.050] EnumProcesses (in: lpidProcess=0x2876fa0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2876fa0, lpcbNeeded=0x1be8f450) returned 1 [0253.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0253.052] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.052] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0253.052] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0253.052] CoTaskMemFree (pv=0x1c07b540) [0253.170] GetForegroundWindow () returned 0x10080 [0253.170] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.170] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0253.170] CoTaskMemFree (pv=0x1c07cbf0) [0253.172] GetForegroundWindow () returned 0x100d4 [0253.172] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0253.172] EnumProcesses (in: lpidProcess=0x2895368, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2895368, lpcbNeeded=0x1be8f450) returned 1 [0253.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0253.173] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0253.173] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.173] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0253.174] CoTaskMemFree (pv=0x1c07cbf0) [0253.309] GetForegroundWindow () returned 0x10080 [0253.309] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0253.309] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0253.309] CoTaskMemFree (pv=0x1c07bf90) [0253.310] GetForegroundWindow () returned 0x10080 [0253.310] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0253.311] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0253.311] CoTaskMemFree (pv=0x1c07bd80) [0253.434] GetForegroundWindow () returned 0x10080 [0253.434] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0253.434] EnumProcesses (in: lpidProcess=0x28ef098, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28ef098, lpcbNeeded=0x1be8f460) returned 1 [0253.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0253.436] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.436] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0253.436] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0253.436] CoTaskMemFree (pv=0x1c07b120) [0253.437] GetForegroundWindow () returned 0x10080 [0253.437] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0253.437] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0253.437] CoTaskMemFree (pv=0x1c07c3b0) [0253.560] GetForegroundWindow () returned 0x100d4 [0253.560] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0253.560] EnumProcesses (in: lpidProcess=0x290d418, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x290d418, lpcbNeeded=0x1be8f460) returned 1 [0253.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12861048, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0253.562] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0253.562] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0253.562] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0253.562] CoTaskMemFree (pv=0x1c07bb70) [0253.563] GetForegroundWindow () returned 0x10080 [0253.563] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0253.563] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0253.563] CoTaskMemFree (pv=0x1c07b120) [0253.688] GetForegroundWindow () returned 0x10080 [0253.688] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0253.688] CoTaskMemFree (pv=0x1c07cbf0) [0253.689] GetForegroundWindow () returned 0x10080 [0253.689] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0253.689] EnumProcesses (in: lpidProcess=0x2966be8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2966be8, lpcbNeeded=0x1be8f450) returned 1 [0253.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0253.691] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.691] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0253.691] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0253.691] CoTaskMemFree (pv=0x1c07bd80) [0253.747] GetForegroundWindow () returned 0x10080 [0253.747] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0253.747] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0253.747] CoTaskMemFree (pv=0x1c07c5c0) [0253.751] GetForegroundWindow () returned 0x100d4 [0253.751] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0253.752] EnumProcesses (in: lpidProcess=0x2984a80, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2984a80, lpcbNeeded=0x1be8f450) returned 1 [0253.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0253.753] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0253.753] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0253.753] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0253.753] CoTaskMemFree (pv=0x1c07bb70) [0253.888] GetForegroundWindow () returned 0x10080 [0253.888] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0253.888] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0253.888] CoTaskMemFree (pv=0x1c08ac60) [0253.889] GetForegroundWindow () returned 0x10080 [0253.889] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0253.889] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0253.889] CoTaskMemFree (pv=0x1c089df0) [0254.066] GetForegroundWindow () returned 0x10080 [0254.066] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0254.066] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0254.067] CoTaskMemFree (pv=0x1c089be0) [0254.068] GetForegroundWindow () returned 0x10080 [0254.068] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0254.068] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0254.068] CoTaskMemFree (pv=0x1c088f80) [0254.184] GetForegroundWindow () returned 0x100d4 [0254.184] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0254.185] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.185] CoTaskMemFree (pv=0x1c089df0) [0254.186] GetForegroundWindow () returned 0x10080 [0254.186] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0254.186] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0254.187] CoTaskMemFree (pv=0x1c08aa50) [0254.309] GetForegroundWindow () returned 0x10080 [0254.309] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0254.309] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0254.310] CoTaskMemFree (pv=0x1c08a000) [0254.311] GetForegroundWindow () returned 0x10080 [0254.311] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0254.311] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0254.311] CoTaskMemFree (pv=0x1c08a630) [0254.434] GetForegroundWindow () returned 0x10080 [0254.435] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0254.435] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0254.435] CoTaskMemFree (pv=0x1c08aa50) [0254.436] GetForegroundWindow () returned 0x100d4 [0254.436] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0254.436] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.436] CoTaskMemFree (pv=0x1c0893a0) [0254.560] GetForegroundWindow () returned 0x10080 [0254.560] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0254.560] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0254.560] CoTaskMemFree (pv=0x1c089df0) [0254.561] GetForegroundWindow () returned 0x10080 [0254.561] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0254.561] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0254.562] CoTaskMemFree (pv=0x1c08a210) [0254.684] GetForegroundWindow () returned 0x10080 [0254.685] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0254.685] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0254.685] CoTaskMemFree (pv=0x1c0899d0) [0254.686] GetForegroundWindow () returned 0x10080 [0254.686] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0254.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0254.687] CoTaskMemFree (pv=0x1c0899d0) [0254.809] GetForegroundWindow () returned 0x100d4 [0254.810] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0254.810] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.810] CoTaskMemFree (pv=0x1c08a630) [0254.811] GetForegroundWindow () returned 0x10080 [0254.811] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0254.811] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0254.811] CoTaskMemFree (pv=0x1c0895b0) [0254.934] GetForegroundWindow () returned 0x10080 [0254.934] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0254.935] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0254.935] CoTaskMemFree (pv=0x1c08aa50) [0254.936] GetForegroundWindow () returned 0x10080 [0254.936] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0254.936] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0254.936] CoTaskMemFree (pv=0x1c08ac60) [0255.154] GetForegroundWindow () returned 0x10080 [0255.154] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0255.154] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0255.154] CoTaskMemFree (pv=0x1c089190) [0255.156] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x195f1)) returned 1 [0255.157] GetForegroundWindow () returned 0x100d4 [0255.157] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0255.157] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0255.157] CoTaskMemFree (pv=0x1c0897c0) [0255.292] GetForegroundWindow () returned 0x10080 [0255.292] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0255.292] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0255.292] CoTaskMemFree (pv=0x1c08a420) [0255.294] GetForegroundWindow () returned 0x10080 [0255.294] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.294] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0255.294] CoTaskMemFree (pv=0x1c08aa50) [0255.595] GetForegroundWindow () returned 0x10080 [0255.595] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0255.595] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0255.595] CoTaskMemFree (pv=0x1c08a840) [0255.596] GetForegroundWindow () returned 0x10080 [0255.597] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.597] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0255.597] CoTaskMemFree (pv=0x1c08aa50) [0255.719] GetForegroundWindow () returned 0x100d4 [0255.719] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.719] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0255.719] CoTaskMemFree (pv=0x1c08aa50) [0255.721] GetForegroundWindow () returned 0x10080 [0255.721] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0255.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0255.721] CoTaskMemFree (pv=0x1c08a840) [0255.781] GetForegroundWindow () returned 0x10080 [0255.782] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0255.782] EnumProcesses (in: lpidProcess=0x2800848, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2800848, lpcbNeeded=0x1be8f460) returned 1 [0255.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf738) returned 0x0 [0255.791] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0255.791] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0255.791] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0255.791] CoTaskMemFree (pv=0x1c089df0) [0255.793] GetForegroundWindow () returned 0x10080 [0255.793] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0255.793] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0255.793] CoTaskMemFree (pv=0x1c0893a0) [0255.931] GetForegroundWindow () returned 0x10080 [0255.931] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0255.931] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0255.932] CoTaskMemFree (pv=0x1c089df0) [0255.933] GetForegroundWindow () returned 0x100d4 [0255.933] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0255.933] EnumProcesses (in: lpidProcess=0x281ef08, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x281ef08, lpcbNeeded=0x1be8f450) returned 1 [0255.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f3f0*=0xf738) returned 0x0 [0255.935] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0255.935] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0255.935] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0255.935] CoTaskMemFree (pv=0x1c0893a0) [0256.063] GetForegroundWindow () returned 0x10080 [0256.063] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0256.063] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0256.063] CoTaskMemFree (pv=0x1c08a840) [0256.065] GetForegroundWindow () returned 0x10080 [0256.065] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0256.065] EnumProcesses (in: lpidProcess=0x283d338, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283d338, lpcbNeeded=0x1be8f450) returned 1 [0256.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf738) returned 0x0 [0256.067] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0256.067] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0256.067] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0256.067] CoTaskMemFree (pv=0x1c08a840) [0256.188] GetForegroundWindow () returned 0x10080 [0256.188] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0256.188] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0256.188] CoTaskMemFree (pv=0x1c0893a0) [0256.189] GetForegroundWindow () returned 0x10080 [0256.189] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0256.190] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0256.190] CoTaskMemFree (pv=0x1c08a210) [0256.319] GetForegroundWindow () returned 0x100d4 [0256.319] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0256.319] EnumProcesses (in: lpidProcess=0x285bf58, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x285bf58, lpcbNeeded=0x1be8f460) returned 1 [0256.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0256.321] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0256.321] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0256.321] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.322] CoTaskMemFree (pv=0x1c08aa50) [0256.323] GetForegroundWindow () returned 0x10080 [0256.323] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0256.323] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0256.323] CoTaskMemFree (pv=0x1c089be0) [0256.438] GetForegroundWindow () returned 0x10080 [0256.438] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0256.438] EnumProcesses (in: lpidProcess=0x287a2f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x287a2f8, lpcbNeeded=0x1be8f460) returned 1 [0256.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0256.439] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0256.439] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0256.439] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0256.440] CoTaskMemFree (pv=0x1c08aa50) [0256.440] GetForegroundWindow () returned 0x10080 [0256.441] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0256.441] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0256.441] CoTaskMemFree (pv=0x1c0897c0) [0256.563] GetForegroundWindow () returned 0x10080 [0256.563] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0256.563] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0256.563] CoTaskMemFree (pv=0x1c08a420) [0256.564] GetForegroundWindow () returned 0x100d4 [0256.564] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0256.565] EnumProcesses (in: lpidProcess=0x2898928, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2898928, lpcbNeeded=0x1be8f450) returned 1 [0256.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0256.566] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0256.567] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0256.567] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.567] CoTaskMemFree (pv=0x1c0897c0) [0256.688] GetForegroundWindow () returned 0x10080 [0256.688] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0256.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0256.689] CoTaskMemFree (pv=0x1c08a210) [0256.690] GetForegroundWindow () returned 0x10080 [0256.690] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0256.690] EnumProcesses (in: lpidProcess=0x28b6cc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28b6cc8, lpcbNeeded=0x1be8f450) returned 1 [0256.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0256.692] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0256.692] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0256.692] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0256.692] CoTaskMemFree (pv=0x1c0893a0) [0256.861] GetForegroundWindow () returned 0x10080 [0256.861] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0256.861] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0256.861] CoTaskMemFree (pv=0x1c08a210) [0256.862] GetForegroundWindow () returned 0x10080 [0256.863] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0256.863] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0256.863] CoTaskMemFree (pv=0x1c08a630) [0256.992] GetForegroundWindow () returned 0x100d4 [0256.993] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0256.993] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.993] CoTaskMemFree (pv=0x1c08a630) [0256.994] GetForegroundWindow () returned 0x10080 [0256.994] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0256.994] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0256.995] CoTaskMemFree (pv=0x1c08a420) [0257.118] GetForegroundWindow () returned 0x10080 [0257.118] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0257.118] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0257.119] CoTaskMemFree (pv=0x1c08a000) [0257.120] GetForegroundWindow () returned 0x10080 [0257.120] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0257.120] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0257.120] CoTaskMemFree (pv=0x1c08ac60) [0257.180] GetForegroundWindow () returned 0x10080 [0257.180] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0257.180] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0257.180] CoTaskMemFree (pv=0x1c08a420) [0257.181] GetForegroundWindow () returned 0x100d4 [0257.182] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0257.182] EnumProcesses (in: lpidProcess=0x29122e8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29122e8, lpcbNeeded=0x1be8f450) returned 1 [0257.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12861048, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0257.183] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0257.183] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0257.183] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.184] CoTaskMemFree (pv=0x1c089df0) [0257.314] GetForegroundWindow () returned 0x10080 [0257.314] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0257.314] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0257.314] CoTaskMemFree (pv=0x1c08aa50) [0257.315] GetForegroundWindow () returned 0x10080 [0257.315] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0257.315] EnumProcesses (in: lpidProcess=0x2930688, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2930688, lpcbNeeded=0x1be8f450) returned 1 [0257.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0257.317] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0257.317] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0257.317] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0257.317] CoTaskMemFree (pv=0x1c08a000) [0257.446] GetForegroundWindow () returned 0x10080 [0257.446] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0257.446] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0257.446] CoTaskMemFree (pv=0x1c0893a0) [0257.447] GetForegroundWindow () returned 0x10080 [0257.447] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0257.447] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0257.447] CoTaskMemFree (pv=0x1c08a000) [0257.587] GetForegroundWindow () returned 0x100d4 [0257.587] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0257.587] EnumProcesses (in: lpidProcess=0x294f218, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x294f218, lpcbNeeded=0x1be8f460) returned 1 [0257.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0257.588] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0257.588] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0257.588] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.588] CoTaskMemFree (pv=0x1c089190) [0257.590] GetForegroundWindow () returned 0x10080 [0257.590] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0257.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0257.590] CoTaskMemFree (pv=0x1c08a210) [0257.711] GetForegroundWindow () returned 0x10080 [0257.711] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0257.712] EnumProcesses (in: lpidProcess=0x296d5b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x296d5b8, lpcbNeeded=0x1be8f460) returned 1 [0257.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0257.713] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0257.713] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0257.713] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0257.714] CoTaskMemFree (pv=0x1c08a630) [0257.715] GetForegroundWindow () returned 0x10080 [0257.715] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0257.715] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0257.715] CoTaskMemFree (pv=0x1c088f80) [0257.915] GetForegroundWindow () returned 0x10080 [0257.915] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0257.915] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0257.915] CoTaskMemFree (pv=0x1c08a210) [0257.923] GetForegroundWindow () returned 0x100d4 [0257.923] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0257.923] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.923] CoTaskMemFree (pv=0x1c089df0) [0258.055] GetForegroundWindow () returned 0x10080 [0258.055] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0258.055] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0258.056] CoTaskMemFree (pv=0x1c0895b0) [0258.057] GetForegroundWindow () returned 0x10080 [0258.057] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0258.057] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0258.057] CoTaskMemFree (pv=0x1c0893a0) [0258.180] GetForegroundWindow () returned 0x10080 [0258.180] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0258.180] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0258.180] CoTaskMemFree (pv=0x1c089be0) [0258.181] GetForegroundWindow () returned 0x10080 [0258.181] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0258.181] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0258.181] CoTaskMemFree (pv=0x1c08a630) [0258.366] GetForegroundWindow () returned 0x100d4 [0258.366] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0258.366] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.366] CoTaskMemFree (pv=0x1c08a630) [0258.368] GetForegroundWindow () returned 0x10080 [0258.368] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0258.368] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0258.368] CoTaskMemFree (pv=0x1c08a420) [0258.492] GetForegroundWindow () returned 0x10080 [0258.492] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0258.493] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0258.493] CoTaskMemFree (pv=0x1c08a210) [0258.494] GetForegroundWindow () returned 0x10080 [0258.494] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0258.494] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0258.494] CoTaskMemFree (pv=0x1c0897c0) [0258.617] GetForegroundWindow () returned 0x10080 [0258.618] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0258.618] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0258.618] CoTaskMemFree (pv=0x1c08aa50) [0258.619] GetForegroundWindow () returned 0x100d4 [0258.619] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0258.619] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.619] CoTaskMemFree (pv=0x1c08a420) [0258.743] GetForegroundWindow () returned 0x10080 [0258.743] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0258.743] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0258.743] CoTaskMemFree (pv=0x1c08a210) [0258.745] GetForegroundWindow () returned 0x10080 [0258.745] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0258.745] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0258.745] CoTaskMemFree (pv=0x1c08aa50) [0258.873] GetForegroundWindow () returned 0x10080 [0258.873] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0258.873] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0258.874] CoTaskMemFree (pv=0x1c0897c0) [0258.875] GetForegroundWindow () returned 0x10080 [0258.875] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0258.875] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0258.875] CoTaskMemFree (pv=0x1c089190) [0258.993] GetForegroundWindow () returned 0x100d4 [0258.993] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0258.993] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.993] CoTaskMemFree (pv=0x1c0897c0) [0258.994] GetForegroundWindow () returned 0x10080 [0258.994] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0258.994] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0258.994] CoTaskMemFree (pv=0x1c089be0) [0259.118] GetForegroundWindow () returned 0x10080 [0259.118] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0259.118] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0259.119] CoTaskMemFree (pv=0x1c08a840) [0259.120] GetForegroundWindow () returned 0x10080 [0259.120] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0259.120] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0259.120] CoTaskMemFree (pv=0x1c0893a0) [0259.258] GetForegroundWindow () returned 0x10080 [0259.258] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0259.258] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0259.258] CoTaskMemFree (pv=0x1c08a000) [0259.259] GetForegroundWindow () returned 0x100d4 [0259.260] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0259.260] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.260] CoTaskMemFree (pv=0x1c08ac60) [0259.383] GetForegroundWindow () returned 0x10080 [0259.383] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0259.383] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0259.384] CoTaskMemFree (pv=0x1c08a630) [0259.385] GetForegroundWindow () returned 0x10080 [0259.385] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0259.385] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0259.385] CoTaskMemFree (pv=0x1c089df0) [0259.510] GetForegroundWindow () returned 0x10080 [0259.510] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0259.510] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0259.510] CoTaskMemFree (pv=0x1c089be0) [0259.511] GetForegroundWindow () returned 0x10080 [0259.512] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0259.512] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0259.512] CoTaskMemFree (pv=0x1c08a000) [0259.633] GetForegroundWindow () returned 0x100d4 [0259.633] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0259.633] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.634] CoTaskMemFree (pv=0x1c08a210) [0259.635] GetForegroundWindow () returned 0x10080 [0259.635] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0259.635] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0259.635] CoTaskMemFree (pv=0x1c0893a0) [0259.758] GetForegroundWindow () returned 0x10080 [0259.758] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0259.758] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0259.759] CoTaskMemFree (pv=0x1c08a630) [0259.760] GetForegroundWindow () returned 0x10080 [0259.760] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0259.760] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0259.760] CoTaskMemFree (pv=0x1c08a210) [0259.884] GetForegroundWindow () returned 0x10080 [0259.884] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0259.884] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0259.884] CoTaskMemFree (pv=0x1c089be0) [0259.885] GetForegroundWindow () returned 0x100d4 [0259.885] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0259.885] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.885] CoTaskMemFree (pv=0x1c088f80) [0260.009] GetForegroundWindow () returned 0x10080 [0260.009] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.009] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0260.009] CoTaskMemFree (pv=0x1c08a210) [0260.010] GetForegroundWindow () returned 0x10080 [0260.010] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0260.010] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0260.011] CoTaskMemFree (pv=0x1c08ac60) [0260.135] GetForegroundWindow () returned 0x10080 [0260.135] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0260.135] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0260.136] CoTaskMemFree (pv=0x1c089df0) [0260.137] GetForegroundWindow () returned 0x10080 [0260.137] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0260.137] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0260.137] CoTaskMemFree (pv=0x1c0897c0) [0260.260] GetForegroundWindow () returned 0x100d4 [0260.260] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.260] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.260] CoTaskMemFree (pv=0x1c08a210) [0260.261] GetForegroundWindow () returned 0x10080 [0260.261] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0260.261] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0260.262] CoTaskMemFree (pv=0x1c0899d0) [0260.400] GetForegroundWindow () returned 0x10080 [0260.400] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0260.400] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0260.403] CoTaskMemFree (pv=0x1c089190) [0260.405] GetForegroundWindow () returned 0x10080 [0260.405] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0260.405] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0260.405] CoTaskMemFree (pv=0x1c089be0) [0260.530] GetForegroundWindow () returned 0x10080 [0260.530] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0260.530] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0260.530] CoTaskMemFree (pv=0x1c08a840) [0260.531] GetForegroundWindow () returned 0x100d4 [0260.532] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0260.532] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.532] CoTaskMemFree (pv=0x1c0893a0) [0260.650] GetForegroundWindow () returned 0x10080 [0260.651] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0260.651] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0260.651] CoTaskMemFree (pv=0x1c088f80) [0260.652] GetForegroundWindow () returned 0x10080 [0260.652] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0260.652] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0260.652] CoTaskMemFree (pv=0x1c08a630) [0260.775] GetForegroundWindow () returned 0x10080 [0260.776] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.776] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0260.776] CoTaskMemFree (pv=0x1c08a210) [0260.777] GetForegroundWindow () returned 0x10080 [0260.777] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0260.777] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0260.777] CoTaskMemFree (pv=0x1c088f80) [0260.900] GetForegroundWindow () returned 0x100d4 [0260.901] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.901] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.901] CoTaskMemFree (pv=0x1c08a210) [0260.902] GetForegroundWindow () returned 0x10080 [0260.902] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0260.902] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0260.902] CoTaskMemFree (pv=0x1c0893a0) [0261.025] GetForegroundWindow () returned 0x10080 [0261.026] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0261.026] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0261.026] CoTaskMemFree (pv=0x1c08aa50) [0261.027] GetForegroundWindow () returned 0x10080 [0261.027] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0261.027] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0261.027] CoTaskMemFree (pv=0x1c08a840) [0261.178] GetForegroundWindow () returned 0x10080 [0261.178] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0261.178] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0261.178] CoTaskMemFree (pv=0x1c089190) [0261.179] GetForegroundWindow () returned 0x100d4 [0261.180] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0261.180] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.180] CoTaskMemFree (pv=0x1c08aa50) [0261.228] GetForegroundWindow () returned 0x10080 [0261.229] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0261.229] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0261.229] CoTaskMemFree (pv=0x1c0895b0) [0261.230] GetForegroundWindow () returned 0x10080 [0261.230] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0261.230] EnumProcesses (in: lpidProcess=0x2930fc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2930fc8, lpcbNeeded=0x1be8f450) returned 1 [0261.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0261.232] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0261.232] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0261.232] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0261.232] CoTaskMemFree (pv=0x1c08a630) [0261.369] GetForegroundWindow () returned 0x10080 [0261.369] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0261.369] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0261.370] CoTaskMemFree (pv=0x1c08aa50) [0261.371] GetForegroundWindow () returned 0x10080 [0261.371] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0261.371] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0261.371] CoTaskMemFree (pv=0x1c08a210) [0261.494] GetForegroundWindow () returned 0x100d4 [0261.494] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0261.494] EnumProcesses (in: lpidProcess=0x294fb58, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x294fb58, lpcbNeeded=0x1be8f460) returned 1 [0261.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0261.496] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0261.497] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0261.497] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.497] CoTaskMemFree (pv=0x1c08a000) [0261.498] GetForegroundWindow () returned 0x10080 [0261.498] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0261.498] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0261.499] CoTaskMemFree (pv=0x1c08a840) [0261.619] GetForegroundWindow () returned 0x10080 [0261.619] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0261.619] EnumProcesses (in: lpidProcess=0x296def8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x296def8, lpcbNeeded=0x1be8f460) returned 1 [0261.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf6e8) returned 0x0 [0261.621] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0261.621] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0261.621] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0261.621] CoTaskMemFree (pv=0x1c08a420) [0261.622] GetForegroundWindow () returned 0x10080 [0261.623] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0261.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0261.623] CoTaskMemFree (pv=0x1c089be0) [0261.746] GetForegroundWindow () returned 0x10080 [0261.746] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0261.746] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0261.747] CoTaskMemFree (pv=0x1c08a630) [0261.748] GetForegroundWindow () returned 0x100d4 [0261.748] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0261.748] EnumProcesses (in: lpidProcess=0x298c528, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x298c528, lpcbNeeded=0x1be8f450) returned 1 [0261.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf6e8) returned 0x0 [0261.757] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0261.758] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0261.758] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.758] CoTaskMemFree (pv=0x1c0895b0) [0261.962] GetForegroundWindow () returned 0x10080 [0261.963] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0261.963] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0261.963] CoTaskMemFree (pv=0x1c089df0) [0261.964] GetForegroundWindow () returned 0x10080 [0261.964] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0261.964] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0261.964] CoTaskMemFree (pv=0x1c0899d0) [0262.088] GetForegroundWindow () returned 0x10080 [0262.088] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0262.088] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0262.088] CoTaskMemFree (pv=0x1c0899d0) [0262.090] GetForegroundWindow () returned 0x10080 [0262.090] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0262.090] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0262.090] CoTaskMemFree (pv=0x1c0895b0) [0262.213] GetForegroundWindow () returned 0x100d4 [0262.213] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0262.213] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.213] CoTaskMemFree (pv=0x1c088f80) [0262.214] GetForegroundWindow () returned 0x10080 [0262.214] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0262.214] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0262.215] CoTaskMemFree (pv=0x1c0899d0) [0262.338] GetForegroundWindow () returned 0x10080 [0262.338] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0262.338] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0262.338] CoTaskMemFree (pv=0x1c08a630) [0262.339] GetForegroundWindow () returned 0x10080 [0262.340] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0262.340] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0262.340] CoTaskMemFree (pv=0x1c089df0) [0262.463] GetForegroundWindow () returned 0x10080 [0262.463] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0262.463] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0262.464] CoTaskMemFree (pv=0x1c0897c0) [0262.465] GetForegroundWindow () returned 0x100d4 [0262.465] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0262.465] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.465] CoTaskMemFree (pv=0x1c0895b0) [0262.588] GetForegroundWindow () returned 0x10080 [0262.588] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0262.588] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0262.588] CoTaskMemFree (pv=0x1c0897c0) [0262.590] GetForegroundWindow () returned 0x10080 [0262.590] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0262.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0262.590] CoTaskMemFree (pv=0x1c08a210) [0262.713] GetForegroundWindow () returned 0x10080 [0262.713] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0262.713] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0262.713] CoTaskMemFree (pv=0x1c08aa50) [0262.714] GetForegroundWindow () returned 0x10080 [0262.715] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0262.715] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0262.715] CoTaskMemFree (pv=0x1c08aa50) [0262.857] GetForegroundWindow () returned 0x100d4 [0262.857] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0262.857] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.857] CoTaskMemFree (pv=0x1c089be0) [0262.858] GetForegroundWindow () returned 0x10080 [0262.858] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0262.858] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0262.859] CoTaskMemFree (pv=0x1c08ac60) [0262.978] GetForegroundWindow () returned 0x10080 [0262.978] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0262.978] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0262.979] CoTaskMemFree (pv=0x1c08aa50) [0262.980] GetForegroundWindow () returned 0x10080 [0262.980] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0262.980] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0262.980] CoTaskMemFree (pv=0x1c089df0) [0263.119] GetForegroundWindow () returned 0x10080 [0263.119] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0263.119] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0263.119] CoTaskMemFree (pv=0x1c0895b0) [0263.121] GetForegroundWindow () returned 0x100d4 [0263.121] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0263.121] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.121] CoTaskMemFree (pv=0x1c0897c0) [0263.228] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1b9d5)) returned 1 [0263.312] GetForegroundWindow () returned 0x10080 [0263.312] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0263.312] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0263.312] CoTaskMemFree (pv=0x1c0893a0) [0263.313] GetForegroundWindow () returned 0x10080 [0263.314] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0263.314] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0263.314] CoTaskMemFree (pv=0x1c08a630) [0263.434] GetForegroundWindow () returned 0x10080 [0263.434] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0263.435] EnumProcesses (in: lpidProcess=0x2800020, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2800020, lpcbNeeded=0x1be8f460) returned 1 [0263.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf648) returned 0x0 [0263.436] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0263.437] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0263.437] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0263.437] CoTaskMemFree (pv=0x1c08a000) [0263.438] GetForegroundWindow () returned 0x10080 [0263.438] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0263.438] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0263.438] CoTaskMemFree (pv=0x1c0899d0) [0263.557] GetForegroundWindow () returned 0x100d4 [0263.557] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0263.557] EnumProcesses (in: lpidProcess=0x281e1e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281e1e0, lpcbNeeded=0x1be8f460) returned 1 [0263.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xf648) returned 0x0 [0263.559] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0263.559] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0263.559] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.559] CoTaskMemFree (pv=0x1c0895b0) [0263.560] GetForegroundWindow () returned 0x10080 [0263.560] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0263.560] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0263.561] CoTaskMemFree (pv=0x1c08a420) [0263.682] GetForegroundWindow () returned 0x10080 [0263.682] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0263.682] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0263.682] CoTaskMemFree (pv=0x1c08ac60) [0263.683] GetForegroundWindow () returned 0x10080 [0263.683] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0263.684] EnumProcesses (in: lpidProcess=0x2877350, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2877350, lpcbNeeded=0x1be8f450) returned 1 [0263.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0263.685] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0263.685] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0263.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0263.686] CoTaskMemFree (pv=0x1c0899d0) [0263.807] GetForegroundWindow () returned 0x10080 [0263.807] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0263.807] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0263.807] CoTaskMemFree (pv=0x1c088f80) [0263.808] GetForegroundWindow () returned 0x100d4 [0263.808] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0263.809] EnumProcesses (in: lpidProcess=0x2895480, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2895480, lpcbNeeded=0x1be8f450) returned 1 [0263.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0263.810] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0263.810] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0263.810] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.811] CoTaskMemFree (pv=0x1c0895b0) [0263.944] GetForegroundWindow () returned 0x10080 [0263.945] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0263.945] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0263.945] CoTaskMemFree (pv=0x1c08a000) [0263.946] GetForegroundWindow () returned 0x10080 [0263.946] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0263.946] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0263.947] CoTaskMemFree (pv=0x1c0897c0) [0264.072] GetForegroundWindow () returned 0x10080 [0264.072] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0264.072] EnumProcesses (in: lpidProcess=0x28eeb38, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28eeb38, lpcbNeeded=0x1be8f460) returned 1 [0264.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0264.074] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.074] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0264.074] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0264.075] CoTaskMemFree (pv=0x1c089190) [0264.076] GetForegroundWindow () returned 0x10080 [0264.076] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0264.076] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0264.076] CoTaskMemFree (pv=0x1c08ac60) [0264.197] GetForegroundWindow () returned 0x100d4 [0264.197] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0264.197] EnumProcesses (in: lpidProcess=0x290cc68, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x290cc68, lpcbNeeded=0x1be8f460) returned 1 [0264.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12861048, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0264.199] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.199] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0264.199] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.200] CoTaskMemFree (pv=0x1c089190) [0264.201] GetForegroundWindow () returned 0x10080 [0264.201] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0264.201] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0264.201] CoTaskMemFree (pv=0x1c089190) [0264.322] GetForegroundWindow () returned 0x10080 [0264.322] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0264.322] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0264.323] CoTaskMemFree (pv=0x1c08ac60) [0264.327] GetForegroundWindow () returned 0x10080 [0264.327] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0264.327] EnumProcesses (in: lpidProcess=0x2965d48, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2965d48, lpcbNeeded=0x1be8f450) returned 1 [0264.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0264.329] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.329] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0264.329] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0264.329] CoTaskMemFree (pv=0x1c0897c0) [0264.447] GetForegroundWindow () returned 0x10080 [0264.447] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0264.447] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0264.447] CoTaskMemFree (pv=0x1c089be0) [0264.448] GetForegroundWindow () returned 0x100d4 [0264.448] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0264.448] EnumProcesses (in: lpidProcess=0x2983e78, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2983e78, lpcbNeeded=0x1be8f450) returned 1 [0264.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0264.450] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.450] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0264.450] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.450] CoTaskMemFree (pv=0x1c08a840) [0264.588] GetForegroundWindow () returned 0x10080 [0264.588] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0264.588] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0264.588] CoTaskMemFree (pv=0x1c0899d0) [0264.589] GetForegroundWindow () returned 0x10080 [0264.589] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0264.589] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0264.589] CoTaskMemFree (pv=0x1c0899d0) [0264.712] GetForegroundWindow () returned 0x10080 [0264.713] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0264.713] EnumProcesses (in: lpidProcess=0x27edb68, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27edb68, lpcbNeeded=0x1be8f460) returned 1 [0264.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0264.716] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.717] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0264.717] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0264.717] CoTaskMemFree (pv=0x1c089190) [0264.718] GetForegroundWindow () returned 0x10080 [0264.718] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0264.718] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0264.718] CoTaskMemFree (pv=0x1c08a000) [0264.838] GetForegroundWindow () returned 0x100d4 [0264.838] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0264.838] EnumProcesses (in: lpidProcess=0x280bc98, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x280bc98, lpcbNeeded=0x1be8f460) returned 1 [0264.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0264.842] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.842] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0264.842] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.842] CoTaskMemFree (pv=0x1c08a000) [0264.847] GetForegroundWindow () returned 0x10080 [0264.847] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0264.847] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0264.847] CoTaskMemFree (pv=0x1c08aa50) [0264.900] GetForegroundWindow () returned 0x10080 [0264.900] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0264.900] EnumProcesses (in: lpidProcess=0x28298f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28298f0, lpcbNeeded=0x1be8f460) returned 1 [0264.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0264.905] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.906] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0264.906] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0264.906] CoTaskMemFree (pv=0x1c0893a0) [0264.907] GetForegroundWindow () returned 0x10080 [0264.907] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0264.907] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0264.908] CoTaskMemFree (pv=0x1c089df0) [0265.025] GetForegroundWindow () returned 0x10080 [0265.025] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0265.025] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0265.025] CoTaskMemFree (pv=0x1c08aa50) [0265.026] GetForegroundWindow () returned 0x100d4 [0265.026] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0265.026] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.027] CoTaskMemFree (pv=0x1c089df0) [0265.150] GetForegroundWindow () returned 0x10080 [0265.150] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0265.150] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0265.150] CoTaskMemFree (pv=0x1c0897c0) [0265.151] GetForegroundWindow () returned 0x10080 [0265.151] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0265.151] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0265.152] CoTaskMemFree (pv=0x1c08a000) [0265.228] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1b9d5)) returned 1 [0265.360] GetForegroundWindow () returned 0x10080 [0265.361] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0265.361] EnumProcesses (in: lpidProcess=0x27c2288, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c2288, lpcbNeeded=0x1be8f460) returned 1 [0265.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0265.362] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0265.362] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0265.363] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0265.363] CoTaskMemFree (pv=0x1c08a210) [0265.364] GetForegroundWindow () returned 0x10080 [0265.364] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0265.364] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0265.364] CoTaskMemFree (pv=0x1c089be0) [0265.509] GetForegroundWindow () returned 0x100d4 [0265.509] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0265.509] EnumProcesses (in: lpidProcess=0x27e0ee0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e0ee0, lpcbNeeded=0x1be8f460) returned 1 [0265.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0265.511] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0265.511] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0265.511] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.511] CoTaskMemFree (pv=0x1c08a000) [0265.512] GetForegroundWindow () returned 0x10080 [0265.513] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0265.513] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0265.513] CoTaskMemFree (pv=0x1c089190) [0265.641] GetForegroundWindow () returned 0x10080 [0265.641] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0265.641] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0265.642] CoTaskMemFree (pv=0x1c08a420) [0265.643] GetForegroundWindow () returned 0x10080 [0265.643] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0265.643] EnumProcesses (in: lpidProcess=0x2839fc0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2839fc0, lpcbNeeded=0x1be8f450) returned 1 [0265.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0265.645] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0265.645] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0265.645] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0265.645] CoTaskMemFree (pv=0x1c088f80) [0265.767] GetForegroundWindow () returned 0x10080 [0265.767] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0265.767] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0265.767] CoTaskMemFree (pv=0x1c08a630) [0265.768] GetForegroundWindow () returned 0x100d4 [0265.768] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0265.769] EnumProcesses (in: lpidProcess=0x28580f0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28580f0, lpcbNeeded=0x1be8f450) returned 1 [0265.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0265.770] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0265.771] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0265.771] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.771] CoTaskMemFree (pv=0x1c089df0) [0265.893] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0265.895] GetForegroundWindow () returned 0x10080 [0265.895] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0265.895] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0265.896] CoTaskMemFree (pv=0x1c08a840) [0265.896] GetForegroundWindow () returned 0x10080 [0265.896] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0265.897] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0265.897] CoTaskMemFree (pv=0x1c08ac60) [0266.016] GetForegroundWindow () returned 0x10080 [0266.016] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0266.017] EnumProcesses (in: lpidProcess=0x28b18f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28b18f8, lpcbNeeded=0x1be8f460) returned 1 [0266.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0266.018] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.018] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0266.018] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0266.019] CoTaskMemFree (pv=0x1c08a840) [0266.020] GetForegroundWindow () returned 0x10080 [0266.020] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0266.020] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0266.020] CoTaskMemFree (pv=0x1c08a420) [0266.141] GetForegroundWindow () returned 0x100d4 [0266.141] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0266.141] EnumProcesses (in: lpidProcess=0x28d00a0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28d00a0, lpcbNeeded=0x1be8f460) returned 1 [0266.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0266.143] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.143] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0266.143] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.143] CoTaskMemFree (pv=0x1c0895b0) [0266.144] GetForegroundWindow () returned 0x10080 [0266.144] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0266.144] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0266.144] CoTaskMemFree (pv=0x1c08a210) [0266.269] GetForegroundWindow () returned 0x10080 [0266.269] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0266.269] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0266.269] CoTaskMemFree (pv=0x1c08aa50) [0266.270] GetForegroundWindow () returned 0x10080 [0266.270] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0266.270] EnumProcesses (in: lpidProcess=0x2929180, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2929180, lpcbNeeded=0x1be8f450) returned 1 [0266.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0266.272] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.272] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0266.272] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0266.272] CoTaskMemFree (pv=0x1c0893a0) [0266.391] GetForegroundWindow () returned 0x10080 [0266.391] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0266.392] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0266.392] CoTaskMemFree (pv=0x1c08a000) [0266.393] GetForegroundWindow () returned 0x100d4 [0266.393] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0266.393] EnumProcesses (in: lpidProcess=0x29472b0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29472b0, lpcbNeeded=0x1be8f450) returned 1 [0266.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0266.395] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.395] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0266.395] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.396] CoTaskMemFree (pv=0x1c0893a0) [0266.517] GetForegroundWindow () returned 0x10080 [0266.517] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0266.517] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0266.517] CoTaskMemFree (pv=0x1c08a420) [0266.519] GetForegroundWindow () returned 0x10080 [0266.519] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0266.519] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0266.519] CoTaskMemFree (pv=0x1c089df0) [0266.647] GetForegroundWindow () returned 0x10080 [0266.647] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0266.647] EnumProcesses (in: lpidProcess=0x29a08f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x29a08f0, lpcbNeeded=0x1be8f460) returned 1 [0266.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0266.656] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.656] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0266.656] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0266.657] CoTaskMemFree (pv=0x1c0895b0) [0266.658] GetForegroundWindow () returned 0x10080 [0266.658] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0266.658] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0266.658] CoTaskMemFree (pv=0x1c08a000) [0266.779] GetForegroundWindow () returned 0x100d4 [0266.779] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0266.779] EnumProcesses (in: lpidProcess=0x27cf328, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27cf328, lpcbNeeded=0x1be8f460) returned 1 [0266.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0266.783] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.784] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0266.784] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.784] CoTaskMemFree (pv=0x1c08aa50) [0266.785] GetForegroundWindow () returned 0x10080 [0266.785] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0266.785] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0266.785] CoTaskMemFree (pv=0x1c089df0) [0266.921] GetForegroundWindow () returned 0x10080 [0266.921] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0266.921] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0266.921] CoTaskMemFree (pv=0x1c089df0) [0266.922] GetForegroundWindow () returned 0x10080 [0266.922] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0266.922] EnumProcesses (in: lpidProcess=0x2828480, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2828480, lpcbNeeded=0x1be8f450) returned 1 [0266.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0266.926] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.927] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0266.927] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0266.927] CoTaskMemFree (pv=0x1c08a210) [0267.045] GetForegroundWindow () returned 0x10080 [0267.045] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0267.045] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0267.045] CoTaskMemFree (pv=0x1c089190) [0267.046] GetForegroundWindow () returned 0x100d4 [0267.046] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0267.047] EnumProcesses (in: lpidProcess=0x28465b0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28465b0, lpcbNeeded=0x1be8f450) returned 1 [0267.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xf5f8) returned 0x0 [0267.054] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0267.054] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0267.054] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0267.054] CoTaskMemFree (pv=0x1c08a630) [0267.170] GetForegroundWindow () returned 0x10080 [0267.170] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0267.170] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0267.170] CoTaskMemFree (pv=0x1c088f80) [0267.171] GetForegroundWindow () returned 0x10080 [0267.171] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0267.171] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0267.172] CoTaskMemFree (pv=0x1c0893a0) [0267.310] GetForegroundWindow () returned 0x10080 [0267.310] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0267.311] EnumProcesses (in: lpidProcess=0x27c22e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c22e0, lpcbNeeded=0x1be8f460) returned 1 [0267.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xf5f8) returned 0x0 [0267.312] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0267.312] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0267.312] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0267.313] CoTaskMemFree (pv=0x1c08aa50) [0267.314] GetForegroundWindow () returned 0x10080 [0267.314] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0267.314] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0267.314] CoTaskMemFree (pv=0x1c0899d0) [0267.511] GetForegroundWindow () returned 0x100d4 [0267.512] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0267.512] EnumProcesses (in: lpidProcess=0x27e0c68, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e0c68, lpcbNeeded=0x1be8f460) returned 1 [0267.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f400*=0xf698) returned 0x0 [0267.513] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0267.514] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0267.514] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0267.514] CoTaskMemFree (pv=0x1c089df0) [0267.515] GetForegroundWindow () returned 0x10080 [0267.515] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0267.515] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0267.515] CoTaskMemFree (pv=0x1c08ac60) [0268.401] GetForegroundWindow () returned 0x10080 [0268.401] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0268.401] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0268.401] CoTaskMemFree (pv=0x1c088f80) [0268.402] GetForegroundWindow () returned 0x10080 [0268.402] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0268.402] EnumProcesses (in: lpidProcess=0x283a360, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283a360, lpcbNeeded=0x1be8f450) returned 1 [0268.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf828) returned 0x0 [0268.404] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0268.405] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0268.405] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0268.405] CoTaskMemFree (pv=0x1c08ac60) [0268.779] GetForegroundWindow () returned 0x10080 [0268.779] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0268.779] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0268.779] CoTaskMemFree (pv=0x1c08a420) [0268.780] GetForegroundWindow () returned 0x100d4 [0268.781] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0268.781] EnumProcesses (in: lpidProcess=0x2858880, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2858880, lpcbNeeded=0x1be8f450) returned 1 [0268.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xf968) returned 0x0 [0268.782] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0268.782] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0268.782] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0268.783] CoTaskMemFree (pv=0x1c089be0) [0268.973] GetForegroundWindow () returned 0x10080 [0268.973] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0268.973] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0268.973] CoTaskMemFree (pv=0x1c0899d0) [0268.974] GetForegroundWindow () returned 0x10080 [0268.974] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0268.974] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0268.975] CoTaskMemFree (pv=0x1c08aa50) [0269.249] GetForegroundWindow () returned 0x10080 [0269.249] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0269.250] EnumProcesses (in: lpidProcess=0x28b3db0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28b3db0, lpcbNeeded=0x1be8f460) returned 1 [0269.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xf968) returned 0x0 [0269.251] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0269.252] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0269.252] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0269.252] CoTaskMemFree (pv=0x1c08aa50) [0269.253] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1b9d5)) returned 1 [0269.254] GetForegroundWindow () returned 0x10080 [0269.254] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0269.254] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0269.254] CoTaskMemFree (pv=0x1c08aa50) [0269.604] GetForegroundWindow () returned 0x100d4 [0269.604] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0269.604] EnumProcesses (in: lpidProcess=0x28d29f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28d29f0, lpcbNeeded=0x1be8f460) returned 1 [0269.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f400*=0xf9b8) returned 0x0 [0269.606] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0269.606] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0269.606] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0269.606] CoTaskMemFree (pv=0x1c0899d0) [0269.607] GetForegroundWindow () returned 0x10080 [0269.607] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0269.607] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0269.607] CoTaskMemFree (pv=0x1c0893a0) [0270.336] GetForegroundWindow () returned 0x10080 [0270.338] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0270.338] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0270.339] CoTaskMemFree (pv=0x1c08aa50) [0270.340] GetForegroundWindow () returned 0x10080 [0270.340] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0270.340] EnumProcesses (in: lpidProcess=0x292ded0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x292ded0, lpcbNeeded=0x1be8f450) returned 1 [0270.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xfaf8) returned 0x0 [0270.341] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0270.341] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0270.341] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0270.341] CoTaskMemFree (pv=0x1c088f80) [0270.459] GetForegroundWindow () returned 0x10080 [0270.459] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0270.459] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0270.461] CoTaskMemFree (pv=0x1c0893a0) [0270.462] GetForegroundWindow () returned 0x100d4 [0270.462] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0270.462] EnumProcesses (in: lpidProcess=0x294cff8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x294cff8, lpcbNeeded=0x1be8f450) returned 1 [0270.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xfaf8) returned 0x0 [0270.464] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0270.464] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0270.464] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0270.464] CoTaskMemFree (pv=0x1c0895b0) [0270.642] GetForegroundWindow () returned 0x10080 [0270.642] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0270.642] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0270.642] CoTaskMemFree (pv=0x1c0895b0) [0270.643] GetForegroundWindow () returned 0x10080 [0270.643] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0270.643] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0270.643] CoTaskMemFree (pv=0x1c089df0) [0270.820] GetForegroundWindow () returned 0x10080 [0270.820] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0270.820] EnumProcesses (in: lpidProcess=0x27c09e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c09e0, lpcbNeeded=0x1be8f460) returned 1 [0270.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xfd78) returned 0x0 [0270.826] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0270.826] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0270.826] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0270.826] CoTaskMemFree (pv=0x1c0895b0) [0270.827] GetForegroundWindow () returned 0x10080 [0270.827] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0270.827] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0270.828] CoTaskMemFree (pv=0x1c0899d0) [0271.154] GetForegroundWindow () returned 0x100d4 [0271.154] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0271.154] EnumProcesses (in: lpidProcess=0x27e0548, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e0548, lpcbNeeded=0x1be8f460) returned 1 [0271.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f400*=0xfd78) returned 0x0 [0271.159] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0271.159] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0271.159] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0271.160] CoTaskMemFree (pv=0x1c08a420) [0271.161] GetForegroundWindow () returned 0x10080 [0271.161] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0271.161] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0271.162] CoTaskMemFree (pv=0x1c089190) [0271.326] GetForegroundWindow () returned 0x10080 [0271.326] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0271.326] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0271.326] CoTaskMemFree (pv=0x1c08ac60) [0271.327] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1e133)) returned 1 [0271.328] GetForegroundWindow () returned 0x10080 [0271.328] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0271.328] EnumProcesses (in: lpidProcess=0x283ce50, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283ce50, lpcbNeeded=0x1be8f450) returned 1 [0271.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f3f0*=0xfd78) returned 0x0 [0271.333] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0271.333] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0271.333] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0271.334] CoTaskMemFree (pv=0x1c08a210) [0271.521] GetForegroundWindow () returned 0x10080 [0271.521] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0271.521] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0271.522] CoTaskMemFree (pv=0x1c08aa50) [0271.523] GetForegroundWindow () returned 0x100d4 [0271.523] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0271.523] EnumProcesses (in: lpidProcess=0x285c220, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x285c220, lpcbNeeded=0x1be8f450) returned 1 [0271.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xfdc8) returned 0x0 [0271.528] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0271.529] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0271.529] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0271.529] CoTaskMemFree (pv=0x1c08ac60) [0271.663] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0271.665] GetForegroundWindow () returned 0x10080 [0271.665] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0271.665] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0271.666] CoTaskMemFree (pv=0x1c08a210) [0271.666] GetForegroundWindow () returned 0x10080 [0271.666] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0271.666] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0271.667] CoTaskMemFree (pv=0x1c08aa50) [0271.972] GetForegroundWindow () returned 0x10080 [0271.972] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0271.972] EnumProcesses (in: lpidProcess=0x27c43f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c43f0, lpcbNeeded=0x1be8f460) returned 1 [0271.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xfdc8) returned 0x0 [0271.974] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0271.974] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0271.974] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0271.975] CoTaskMemFree (pv=0x1c089be0) [0271.976] GetForegroundWindow () returned 0x10080 [0271.976] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0271.976] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0271.976] CoTaskMemFree (pv=0x1c089190) [0272.099] GetForegroundWindow () returned 0x100d4 [0272.100] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0272.100] EnumProcesses (in: lpidProcess=0x27e4150, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e4150, lpcbNeeded=0x1be8f460) returned 1 [0272.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f400*=0xfdc8) returned 0x0 [0272.101] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.102] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0272.102] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.102] CoTaskMemFree (pv=0x1c08a210) [0272.103] GetForegroundWindow () returned 0x10080 [0272.103] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0272.103] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0272.103] CoTaskMemFree (pv=0x1c0893a0) [0272.225] GetForegroundWindow () returned 0x10080 [0272.225] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0272.225] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0272.225] CoTaskMemFree (pv=0x1c08a420) [0272.226] GetForegroundWindow () returned 0x10080 [0272.226] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0272.226] EnumProcesses (in: lpidProcess=0x2840da0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2840da0, lpcbNeeded=0x1be8f450) returned 1 [0272.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xfdc8) returned 0x0 [0272.228] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.228] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0272.228] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0272.229] CoTaskMemFree (pv=0x1c08ac60) [0272.350] GetForegroundWindow () returned 0x10080 [0272.350] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0272.350] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0272.350] CoTaskMemFree (pv=0x1c089be0) [0272.352] GetForegroundWindow () returned 0x100d4 [0272.352] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0272.352] EnumProcesses (in: lpidProcess=0x28602a0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28602a0, lpcbNeeded=0x1be8f450) returned 1 [0272.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xfdc8) returned 0x0 [0272.354] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.354] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0272.354] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.354] CoTaskMemFree (pv=0x1c0893a0) [0272.475] GetForegroundWindow () returned 0x10080 [0272.475] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.475] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.475] CoTaskMemFree (pv=0x1c08aa50) [0272.476] GetForegroundWindow () returned 0x10080 [0272.476] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.476] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.477] CoTaskMemFree (pv=0x1c08aa50) [0272.602] GetForegroundWindow () returned 0x10080 [0272.602] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0272.602] EnumProcesses (in: lpidProcess=0x28bd450, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28bd450, lpcbNeeded=0x1be8f460) returned 1 [0272.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xfdc8) returned 0x0 [0272.604] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.604] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0272.604] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0272.604] CoTaskMemFree (pv=0x1c089df0) [0272.605] GetForegroundWindow () returned 0x10080 [0272.605] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0272.605] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0272.606] CoTaskMemFree (pv=0x1c089be0) [0272.725] GetForegroundWindow () returned 0x100d4 [0272.725] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0272.725] EnumProcesses (in: lpidProcess=0x28dc9c8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28dc9c8, lpcbNeeded=0x1be8f460) returned 1 [0272.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f400*=0xfdc8) returned 0x0 [0272.727] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.727] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0272.727] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.727] CoTaskMemFree (pv=0x1c088f80) [0272.729] GetForegroundWindow () returned 0x10080 [0272.729] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0272.729] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0272.729] CoTaskMemFree (pv=0x1c08a210) [0272.852] GetForegroundWindow () returned 0x10080 [0272.852] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0272.852] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0272.852] CoTaskMemFree (pv=0x1c0899d0) [0272.854] GetForegroundWindow () returned 0x10080 [0272.854] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0272.854] EnumProcesses (in: lpidProcess=0x2939618, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2939618, lpcbNeeded=0x1be8f450) returned 1 [0272.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0272.856] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.856] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0272.856] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0272.856] CoTaskMemFree (pv=0x1c088f80) [0272.974] GetForegroundWindow () returned 0x10080 [0272.974] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.975] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.975] CoTaskMemFree (pv=0x1c08aa50) [0272.979] GetForegroundWindow () returned 0x100d4 [0272.979] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0272.979] EnumProcesses (in: lpidProcess=0x2958ba8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2958ba8, lpcbNeeded=0x1be8f450) returned 1 [0272.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0272.980] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.980] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0272.981] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.981] CoTaskMemFree (pv=0x1c089be0) [0273.100] GetForegroundWindow () returned 0x10080 [0273.100] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0273.100] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0273.100] CoTaskMemFree (pv=0x1c08a420) [0273.101] GetForegroundWindow () returned 0x10080 [0273.102] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0273.102] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0273.102] CoTaskMemFree (pv=0x1c0899d0) [0273.240] GetForegroundWindow () returned 0x10080 [0273.240] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0273.240] EnumProcesses (in: lpidProcess=0x27c8fe0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c8fe0, lpcbNeeded=0x1be8f460) returned 1 [0273.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xfe68) returned 0x0 [0273.245] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.245] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0273.245] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0273.246] CoTaskMemFree (pv=0x1c08ac60) [0273.247] GetForegroundWindow () returned 0x10080 [0273.247] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0273.247] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0273.248] CoTaskMemFree (pv=0x1c089df0) [0273.334] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1e133)) returned 1 [0273.475] GetForegroundWindow () returned 0x100d4 [0273.475] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0273.475] EnumProcesses (in: lpidProcess=0x2807e38, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2807e38, lpcbNeeded=0x1be8f460) returned 1 [0273.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xfe18) returned 0x0 [0273.480] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0273.480] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0273.480] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0273.480] CoTaskMemFree (pv=0x1c089be0) [0273.481] GetForegroundWindow () returned 0x10080 [0273.481] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0273.481] EnumProcesses (in: lpidProcess=0x2826bc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2826bc8, lpcbNeeded=0x1be8f450) returned 1 [0273.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0273.486] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.486] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0273.486] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0273.486] CoTaskMemFree (pv=0x1c088f80) [0273.615] GetForegroundWindow () returned 0x10080 [0273.615] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0273.615] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0273.615] CoTaskMemFree (pv=0x1c089df0) [0273.616] GetForegroundWindow () returned 0x10080 [0273.617] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0273.617] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0273.617] CoTaskMemFree (pv=0x1c08aa50) [0273.740] GetForegroundWindow () returned 0x10080 [0273.740] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0273.740] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0273.740] CoTaskMemFree (pv=0x1c08a000) [0273.742] GetForegroundWindow () returned 0x100d4 [0273.742] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0273.742] EnumProcesses (in: lpidProcess=0x2865760, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2865760, lpcbNeeded=0x1be8f450) returned 1 [0273.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0273.747] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0273.747] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0273.747] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0273.747] CoTaskMemFree (pv=0x1c08a630) [0273.896] GetForegroundWindow () returned 0x10080 [0273.896] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0273.897] EnumProcesses (in: lpidProcess=0x27c41e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c41e0, lpcbNeeded=0x1be8f460) returned 1 [0273.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xfe18) returned 0x0 [0273.898] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.898] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0273.898] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0273.899] CoTaskMemFree (pv=0x1c08aa50) [0273.900] GetForegroundWindow () returned 0x10080 [0273.900] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0273.900] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0273.900] CoTaskMemFree (pv=0x1c0893a0) [0274.021] GetForegroundWindow () returned 0x10080 [0274.021] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0274.021] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0274.022] CoTaskMemFree (pv=0x1c089df0) [0274.023] GetForegroundWindow () returned 0x10080 [0274.023] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0274.023] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0274.023] CoTaskMemFree (pv=0x1c08a210) [0274.153] GetForegroundWindow () returned 0x100d4 [0274.153] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0274.153] EnumProcesses (in: lpidProcess=0x28034d0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28034d0, lpcbNeeded=0x1be8f460) returned 1 [0274.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xfe18) returned 0x0 [0274.155] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.156] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0274.156] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.156] CoTaskMemFree (pv=0x1c0899d0) [0274.157] GetForegroundWindow () returned 0x10080 [0274.157] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0274.157] EnumProcesses (in: lpidProcess=0x2822260, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2822260, lpcbNeeded=0x1be8f450) returned 1 [0274.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0274.159] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.159] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0274.159] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0274.159] CoTaskMemFree (pv=0x1c0899d0) [0274.290] GetForegroundWindow () returned 0x10080 [0274.290] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0274.290] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0274.290] CoTaskMemFree (pv=0x1c08a630) [0274.292] GetForegroundWindow () returned 0x10080 [0274.292] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0274.292] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0274.292] CoTaskMemFree (pv=0x1c0895b0) [0274.412] GetForegroundWindow () returned 0x10080 [0274.412] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.412] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.412] CoTaskMemFree (pv=0x1c08aa50) [0274.414] GetForegroundWindow () returned 0x100d4 [0274.414] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0274.414] EnumProcesses (in: lpidProcess=0x28613f8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28613f8, lpcbNeeded=0x1be8f450) returned 1 [0274.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0274.416] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.416] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0274.416] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.416] CoTaskMemFree (pv=0x1c08ac60) [0274.540] GetForegroundWindow () returned 0x10080 [0274.540] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0274.540] EnumProcesses (in: lpidProcess=0x28bdc98, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28bdc98, lpcbNeeded=0x1be8f460) returned 1 [0274.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xfe18) returned 0x0 [0274.542] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.542] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0274.542] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0274.542] CoTaskMemFree (pv=0x1c089190) [0274.543] GetForegroundWindow () returned 0x10080 [0274.543] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0274.543] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0274.544] CoTaskMemFree (pv=0x1c0897c0) [0274.662] GetForegroundWindow () returned 0x10080 [0274.662] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0274.662] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0274.662] CoTaskMemFree (pv=0x1c08a420) [0274.663] GetForegroundWindow () returned 0x10080 [0274.663] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.663] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.664] CoTaskMemFree (pv=0x1c08aa50) [0274.724] GetForegroundWindow () returned 0x100d4 [0274.724] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0274.725] EnumProcesses (in: lpidProcess=0x28dd800, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28dd800, lpcbNeeded=0x1be8f460) returned 1 [0274.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f400*=0xfe18) returned 0x0 [0274.726] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.726] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0274.726] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.727] CoTaskMemFree (pv=0x1c08a840) [0274.728] GetForegroundWindow () returned 0x10080 [0274.728] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.728] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.728] CoTaskMemFree (pv=0x1c08aa50) [0274.850] GetForegroundWindow () returned 0x10080 [0274.850] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.850] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.850] CoTaskMemFree (pv=0x1c08aa50) [0274.851] GetForegroundWindow () returned 0x10080 [0274.851] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0274.852] EnumProcesses (in: lpidProcess=0x293a600, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x293a600, lpcbNeeded=0x1be8f450) returned 1 [0274.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0274.853] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.853] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0274.853] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0274.854] CoTaskMemFree (pv=0x1c08a840) [0274.974] GetForegroundWindow () returned 0x10080 [0274.975] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0274.975] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0274.975] CoTaskMemFree (pv=0x1c089df0) [0274.976] GetForegroundWindow () returned 0x100d4 [0274.976] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0274.976] EnumProcesses (in: lpidProcess=0x2959b90, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2959b90, lpcbNeeded=0x1be8f450) returned 1 [0274.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xfe18) returned 0x0 [0274.978] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.978] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0274.978] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.978] CoTaskMemFree (pv=0x1c0893a0) [0275.137] GetForegroundWindow () returned 0x10080 [0275.138] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0275.138] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0275.138] CoTaskMemFree (pv=0x1c089df0) [0275.139] GetForegroundWindow () returned 0x10080 [0275.139] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0275.139] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0275.139] CoTaskMemFree (pv=0x1c0893a0) [0275.288] GetForegroundWindow () returned 0x10080 [0275.288] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0275.288] EnumProcesses (in: lpidProcess=0x27c8208, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c8208, lpcbNeeded=0x1be8f460) returned 1 [0275.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xf328) returned 0x0 [0275.296] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.296] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0275.296] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0275.296] CoTaskMemFree (pv=0x1c08a840) [0275.299] GetForegroundWindow () returned 0x10080 [0275.299] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0275.300] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0275.300] CoTaskMemFree (pv=0x1c08a840) [0275.425] GetForegroundWindow () returned 0x100d4 [0275.425] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0275.425] EnumProcesses (in: lpidProcess=0x27e6c20, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e6c20, lpcbNeeded=0x1be8f460) returned 1 [0275.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f400*=0xf328) returned 0x0 [0275.435] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0275.436] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0275.436] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0275.436] CoTaskMemFree (pv=0x1c0893a0) [0275.437] GetForegroundWindow () returned 0x10080 [0275.437] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0275.437] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0275.437] CoTaskMemFree (pv=0x1c08a210) [0275.582] GetForegroundWindow () returned 0x10080 [0275.582] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0275.582] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0275.582] CoTaskMemFree (pv=0x1c08aa50) [0275.583] GetForegroundWindow () returned 0x10080 [0275.583] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0275.584] EnumProcesses (in: lpidProcess=0x283f8b0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283f8b0, lpcbNeeded=0x1be8f450) returned 1 [0275.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f3f0*=0xf328) returned 0x0 [0275.588] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.588] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0275.588] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0275.588] CoTaskMemFree (pv=0x1c089be0) [0275.708] GetForegroundWindow () returned 0x10080 [0275.708] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0275.708] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0275.708] CoTaskMemFree (pv=0x1c08aa50) [0275.709] GetForegroundWindow () returned 0x100d4 [0275.709] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0275.709] EnumProcesses (in: lpidProcess=0x285d8e8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x285d8e8, lpcbNeeded=0x1be8f450) returned 1 [0275.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xf328) returned 0x0 [0275.714] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0275.714] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0275.714] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0275.714] CoTaskMemFree (pv=0x1c0897c0) [0275.832] GetForegroundWindow () returned 0x10080 [0275.832] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0275.832] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0275.832] CoTaskMemFree (pv=0x1c08a420) [0275.833] GetForegroundWindow () returned 0x10080 [0275.833] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0275.833] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0275.834] CoTaskMemFree (pv=0x1c0897c0) [0275.972] GetForegroundWindow () returned 0x10080 [0275.973] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0275.973] EnumProcesses (in: lpidProcess=0x27c2eb0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c2eb0, lpcbNeeded=0x1be8f460) returned 1 [0275.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xf328) returned 0x0 [0275.975] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.975] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0275.975] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0275.975] CoTaskMemFree (pv=0x1c08a210) [0275.976] GetForegroundWindow () returned 0x10080 [0275.976] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0275.976] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0275.977] CoTaskMemFree (pv=0x1c0893a0) [0276.097] GetForegroundWindow () returned 0x100d4 [0276.098] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0276.098] EnumProcesses (in: lpidProcess=0x27e16b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27e16b8, lpcbNeeded=0x1be8f460) returned 1 [0276.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f400*=0xf328) returned 0x0 [0276.099] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.100] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0276.100] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.100] CoTaskMemFree (pv=0x1c08a210) [0276.101] GetForegroundWindow () returned 0x10080 [0276.101] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0276.101] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0276.101] CoTaskMemFree (pv=0x1c08a630) [0276.225] GetForegroundWindow () returned 0x10080 [0276.225] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0276.225] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0276.225] CoTaskMemFree (pv=0x1c08a630) [0276.226] GetForegroundWindow () returned 0x10080 [0276.226] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0276.227] EnumProcesses (in: lpidProcess=0x283a348, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x283a348, lpcbNeeded=0x1be8f450) returned 1 [0276.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f3f0*=0xf328) returned 0x0 [0276.228] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0276.228] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0276.228] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0276.228] CoTaskMemFree (pv=0x1c08a420) [0276.363] GetForegroundWindow () returned 0x10080 [0276.363] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0276.363] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0276.363] CoTaskMemFree (pv=0x1c08a000) [0276.365] GetForegroundWindow () returned 0x100d4 [0276.365] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0276.365] EnumProcesses (in: lpidProcess=0x2858308, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2858308, lpcbNeeded=0x1be8f450) returned 1 [0276.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xf328) returned 0x0 [0276.367] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.367] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0276.367] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.367] CoTaskMemFree (pv=0x1c08ac60) [0276.497] GetForegroundWindow () returned 0x10080 [0276.497] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0276.497] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0276.498] CoTaskMemFree (pv=0x1c08a420) [0276.499] GetForegroundWindow () returned 0x10080 [0276.499] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0276.499] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0276.499] CoTaskMemFree (pv=0x1c089df0) [0276.633] GetForegroundWindow () returned 0x10080 [0276.634] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0276.634] EnumProcesses (in: lpidProcess=0x28b14f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28b14f8, lpcbNeeded=0x1be8f460) returned 1 [0276.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xf378) returned 0x0 [0276.636] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0276.636] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0276.636] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0276.636] CoTaskMemFree (pv=0x1c08aa50) [0276.637] GetForegroundWindow () returned 0x10080 [0276.637] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0276.638] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0276.638] CoTaskMemFree (pv=0x1c08a000) [0276.874] GetForegroundWindow () returned 0x100d4 [0276.874] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0276.875] EnumProcesses (in: lpidProcess=0x28cf710, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28cf710, lpcbNeeded=0x1be8f460) returned 1 [0276.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0276.876] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.876] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0276.876] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.877] CoTaskMemFree (pv=0x1c0893a0) [0276.878] GetForegroundWindow () returned 0x10080 [0276.878] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0276.878] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0276.878] CoTaskMemFree (pv=0x1c08a000) [0277.006] GetForegroundWindow () returned 0x10080 [0277.007] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0277.007] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0277.007] CoTaskMemFree (pv=0x1c089190) [0277.008] GetForegroundWindow () returned 0x10080 [0277.008] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0277.008] EnumProcesses (in: lpidProcess=0x29281f0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29281f0, lpcbNeeded=0x1be8f450) returned 1 [0277.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0277.010] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.010] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0277.010] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0277.010] CoTaskMemFree (pv=0x1c08a210) [0277.132] GetForegroundWindow () returned 0x10080 [0277.132] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0277.132] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0277.132] CoTaskMemFree (pv=0x1c08a630) [0277.133] GetForegroundWindow () returned 0x100d4 [0277.133] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0277.134] EnumProcesses (in: lpidProcess=0x2946120, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2946120, lpcbNeeded=0x1be8f450) returned 1 [0277.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0277.135] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.135] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0277.135] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.136] CoTaskMemFree (pv=0x1c088f80) [0277.272] GetForegroundWindow () returned 0x10080 [0277.272] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0277.272] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0277.273] CoTaskMemFree (pv=0x1c08a210) [0277.274] GetForegroundWindow () returned 0x10080 [0277.274] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0277.274] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0277.274] CoTaskMemFree (pv=0x1c089df0) [0277.382] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1e133)) returned 1 [0277.475] GetForegroundWindow () returned 0x10080 [0277.475] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0277.476] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0277.476] CoTaskMemFree (pv=0x1c0895b0) [0277.477] GetForegroundWindow () returned 0x10080 [0277.477] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0277.477] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0277.477] CoTaskMemFree (pv=0x1c0893a0) [0277.611] GetForegroundWindow () returned 0x100d4 [0277.611] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0277.612] EnumProcesses (in: lpidProcess=0x27ec248, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ec248, lpcbNeeded=0x1be8f460) returned 1 [0277.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf288) returned 0x0 [0277.617] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.617] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0277.617] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.617] CoTaskMemFree (pv=0x1c089be0) [0277.618] GetForegroundWindow () returned 0x10080 [0277.618] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0277.618] EnumProcesses (in: lpidProcess=0x28098e8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28098e8, lpcbNeeded=0x1be8f450) returned 1 [0277.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f3f0*=0xf288) returned 0x0 [0277.623] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.623] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0277.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0277.624] CoTaskMemFree (pv=0x1c08a630) [0277.742] GetForegroundWindow () returned 0x10080 [0277.742] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0277.742] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0277.742] CoTaskMemFree (pv=0x1c08a630) [0277.743] GetForegroundWindow () returned 0x10080 [0277.744] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0277.744] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0277.744] CoTaskMemFree (pv=0x1c08a420) [0277.866] GetForegroundWindow () returned 0x10080 [0277.866] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0277.866] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0277.866] CoTaskMemFree (pv=0x1c08a210) [0277.868] GetForegroundWindow () returned 0x100d4 [0277.868] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0277.868] EnumProcesses (in: lpidProcess=0x28456a0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28456a0, lpcbNeeded=0x1be8f450) returned 1 [0277.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0277.873] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.873] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0277.873] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.873] CoTaskMemFree (pv=0x1c0897c0) [0278.101] GetForegroundWindow () returned 0x10080 [0278.101] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0278.101] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0278.102] CoTaskMemFree (pv=0x1c08aa50) [0278.103] GetForegroundWindow () returned 0x10080 [0278.103] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0278.103] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0278.103] CoTaskMemFree (pv=0x1c08a420) [0278.242] GetForegroundWindow () returned 0x10080 [0278.242] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0278.242] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0278.242] CoTaskMemFree (pv=0x1c08a210) [0278.243] GetForegroundWindow () returned 0x10080 [0278.243] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0278.243] EnumProcesses (in: lpidProcess=0x27fe148, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27fe148, lpcbNeeded=0x1be8f450) returned 1 [0278.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0278.245] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.245] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0278.245] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0278.245] CoTaskMemFree (pv=0x1c08aa50) [0278.366] GetForegroundWindow () returned 0x100d4 [0278.366] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0278.366] EnumProcesses (in: lpidProcess=0x281bdc8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281bdc8, lpcbNeeded=0x1be8f460) returned 1 [0278.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0278.367] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0278.367] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0278.368] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0278.368] CoTaskMemFree (pv=0x1c0897c0) [0278.369] GetForegroundWindow () returned 0x10080 [0278.369] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0278.369] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0278.369] CoTaskMemFree (pv=0x1c089190) [0278.491] GetForegroundWindow () returned 0x10080 [0278.491] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0278.491] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0278.491] CoTaskMemFree (pv=0x1c0897c0) [0278.493] GetForegroundWindow () returned 0x10080 [0278.493] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0278.493] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0278.493] CoTaskMemFree (pv=0x1c089be0) [0278.711] GetForegroundWindow () returned 0x10080 [0278.712] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0278.712] EnumProcesses (in: lpidProcess=0x28750b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28750b8, lpcbNeeded=0x1be8f460) returned 1 [0278.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0278.713] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.714] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0278.714] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0278.714] CoTaskMemFree (pv=0x1c08a840) [0278.715] GetForegroundWindow () returned 0x100d4 [0278.715] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0278.715] EnumProcesses (in: lpidProcess=0x28927d8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28927d8, lpcbNeeded=0x1be8f450) returned 1 [0278.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0278.717] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0278.717] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0278.717] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0278.717] CoTaskMemFree (pv=0x1c0893a0) [0278.916] GetForegroundWindow () returned 0x10080 [0278.917] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0278.917] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0278.917] CoTaskMemFree (pv=0x1c08a000) [0278.918] GetForegroundWindow () returned 0x10080 [0278.918] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0278.918] EnumProcesses (in: lpidProcess=0x28eb5e0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28eb5e0, lpcbNeeded=0x1be8f450) returned 1 [0278.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12841018, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0278.920] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.920] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0278.920] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0278.920] CoTaskMemFree (pv=0x1c08ac60) [0279.038] GetForegroundWindow () returned 0x10080 [0279.038] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0279.038] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0279.038] CoTaskMemFree (pv=0x1c08a630) [0279.039] GetForegroundWindow () returned 0x10080 [0279.039] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0279.039] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0279.039] CoTaskMemFree (pv=0x1c089df0) [0279.163] GetForegroundWindow () returned 0x100d4 [0279.163] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0279.163] EnumProcesses (in: lpidProcess=0x2909d20, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2909d20, lpcbNeeded=0x1be8f460) returned 1 [0279.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12861048, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0279.165] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0279.165] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0279.165] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.165] CoTaskMemFree (pv=0x1c089be0) [0279.167] GetForegroundWindow () returned 0x10080 [0279.167] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0279.167] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0279.167] CoTaskMemFree (pv=0x1c08a000) [0279.288] GetForegroundWindow () returned 0x10080 [0279.288] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0279.288] EnumProcesses (in: lpidProcess=0x2927c70, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2927c70, lpcbNeeded=0x1be8f460) returned 1 [0279.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0279.290] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0279.290] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.290] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0279.290] CoTaskMemFree (pv=0x1c08a210) [0279.291] GetForegroundWindow () returned 0x10080 [0279.291] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0279.291] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0279.291] CoTaskMemFree (pv=0x1c0893a0) [0279.416] GetForegroundWindow () returned 0x10080 [0279.416] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0279.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0279.416] CoTaskMemFree (pv=0x1c08a630) [0279.417] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x1e133)) returned 1 [0279.418] GetForegroundWindow () returned 0x100d4 [0279.418] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0279.418] EnumProcesses (in: lpidProcess=0x2945e98, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2945e98, lpcbNeeded=0x1be8f450) returned 1 [0279.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0279.420] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0279.420] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.420] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.420] CoTaskMemFree (pv=0x1c08a210) [0279.538] GetForegroundWindow () returned 0x10080 [0279.538] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0279.538] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0279.538] CoTaskMemFree (pv=0x1c089be0) [0279.539] GetForegroundWindow () returned 0x10080 [0279.539] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0279.540] EnumProcesses (in: lpidProcess=0x2963de8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2963de8, lpcbNeeded=0x1be8f450) returned 1 [0279.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0279.541] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0279.541] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0279.541] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0279.541] CoTaskMemFree (pv=0x1c088f80) [0279.663] GetForegroundWindow () returned 0x10080 [0279.663] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.663] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0279.663] CoTaskMemFree (pv=0x1c08a210) [0279.664] GetForegroundWindow () returned 0x10080 [0279.664] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0279.664] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0279.664] CoTaskMemFree (pv=0x1c08ac60) [0279.806] GetForegroundWindow () returned 0x100d4 [0279.806] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0279.806] EnumProcesses (in: lpidProcess=0x2982528, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2982528, lpcbNeeded=0x1be8f460) returned 1 [0279.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0279.809] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0279.809] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0279.809] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.809] CoTaskMemFree (pv=0x1c089df0) [0279.810] GetForegroundWindow () returned 0x10080 [0279.810] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0279.810] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0279.811] CoTaskMemFree (pv=0x1c0897c0) [0279.866] GetForegroundWindow () returned 0x10080 [0279.866] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0279.866] EnumProcesses (in: lpidProcess=0x299ff80, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x299ff80, lpcbNeeded=0x1be8f460) returned 1 [0279.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xf378) returned 0x0 [0279.882] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0279.882] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.882] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0279.882] CoTaskMemFree (pv=0x1c08a210) [0279.883] GetForegroundWindow () returned 0x10080 [0279.883] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0279.883] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0279.884] CoTaskMemFree (pv=0x1c0899d0) [0280.007] GetForegroundWindow () returned 0x10080 [0280.007] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0280.007] EnumProcesses (in: lpidProcess=0x27ec390, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ec390, lpcbNeeded=0x1be8f460) returned 1 [0280.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf378) returned 0x0 [0280.011] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.011] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0280.012] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0280.012] CoTaskMemFree (pv=0x1c089190) [0280.013] GetForegroundWindow () returned 0x100d4 [0280.013] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0280.013] EnumProcesses (in: lpidProcess=0x2809bd0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2809bd0, lpcbNeeded=0x1be8f450) returned 1 [0280.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f3f0*=0xf378) returned 0x0 [0280.018] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.018] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0280.018] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.018] CoTaskMemFree (pv=0x1c089be0) [0280.147] GetForegroundWindow () returned 0x10080 [0280.147] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0280.147] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0280.148] CoTaskMemFree (pv=0x1c08a840) [0280.149] GetForegroundWindow () returned 0x10080 [0280.149] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0280.149] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0280.149] CoTaskMemFree (pv=0x1c0893a0) [0280.319] GetForegroundWindow () returned 0x10080 [0280.319] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0280.319] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0280.319] CoTaskMemFree (pv=0x1c088f80) [0280.321] GetForegroundWindow () returned 0x10080 [0280.321] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0280.321] EnumProcesses (in: lpidProcess=0x2863220, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2863220, lpcbNeeded=0x1be8f450) returned 1 [0280.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xf378) returned 0x0 [0280.327] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.327] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0280.327] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0280.327] CoTaskMemFree (pv=0x1c08a630) [0280.447] GetForegroundWindow () returned 0x100d4 [0280.447] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0280.447] EnumProcesses (in: lpidProcess=0x2881238, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2881238, lpcbNeeded=0x1be8f460) returned 1 [0280.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f400*=0xf378) returned 0x0 [0280.468] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.468] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0280.468] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.468] CoTaskMemFree (pv=0x1c08a210) [0280.469] GetForegroundWindow () returned 0x10080 [0280.469] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0280.470] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0280.470] CoTaskMemFree (pv=0x1c088f80) [0280.590] GetForegroundWindow () returned 0x10080 [0280.590] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0280.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0280.591] CoTaskMemFree (pv=0x1c08a210) [0280.592] GetForegroundWindow () returned 0x10080 [0280.592] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0280.592] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0280.592] CoTaskMemFree (pv=0x1c0893a0) [0280.713] GetForegroundWindow () returned 0x10080 [0280.713] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0280.713] EnumProcesses (in: lpidProcess=0x27fe4c8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fe4c8, lpcbNeeded=0x1be8f460) returned 1 [0280.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf378) returned 0x0 [0280.715] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.715] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0280.715] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0280.716] CoTaskMemFree (pv=0x1c08aa50) [0280.717] GetForegroundWindow () returned 0x100d4 [0280.717] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0280.717] EnumProcesses (in: lpidProcess=0x281bd08, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x281bd08, lpcbNeeded=0x1be8f450) returned 1 [0280.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f3f0*=0xf378) returned 0x0 [0280.719] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.719] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0280.719] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.719] CoTaskMemFree (pv=0x1c08a840) [0280.839] GetForegroundWindow () returned 0x10080 [0280.839] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0280.839] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0280.840] CoTaskMemFree (pv=0x1c089190) [0280.840] GetForegroundWindow () returned 0x10080 [0280.840] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0280.841] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0280.841] CoTaskMemFree (pv=0x1c08aa50) [0280.961] GetForegroundWindow () returned 0x10080 [0280.964] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0280.964] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0280.964] CoTaskMemFree (pv=0x1c0895b0) [0280.965] GetForegroundWindow () returned 0x10080 [0280.965] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0280.965] EnumProcesses (in: lpidProcess=0x2874fe0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2874fe0, lpcbNeeded=0x1be8f450) returned 1 [0280.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0280.967] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.967] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0280.967] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0280.967] CoTaskMemFree (pv=0x1c08a630) [0281.086] GetForegroundWindow () returned 0x100d4 [0281.086] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0281.086] EnumProcesses (in: lpidProcess=0x2892a20, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2892a20, lpcbNeeded=0x1be8f460) returned 1 [0281.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0281.088] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0281.088] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0281.088] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0281.088] CoTaskMemFree (pv=0x1c08aa50) [0281.089] GetForegroundWindow () returned 0x10080 [0281.090] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0281.090] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0281.090] CoTaskMemFree (pv=0x1c08a210) [0281.268] GetForegroundWindow () returned 0x10080 [0281.268] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0281.268] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0281.269] CoTaskMemFree (pv=0x1c08a000) [0281.270] GetForegroundWindow () returned 0x10080 [0281.270] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0281.270] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0281.270] CoTaskMemFree (pv=0x1c08a840) [0281.430] GetForegroundWindow () returned 0x10080 [0281.430] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0281.430] EnumProcesses (in: lpidProcess=0x28eb650, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28eb650, lpcbNeeded=0x1be8f460) returned 1 [0281.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0281.432] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0281.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0281.432] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0281.433] CoTaskMemFree (pv=0x1c08a420) [0281.434] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x209e9)) returned 1 [0281.435] GetForegroundWindow () returned 0x100d4 [0281.435] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0281.435] EnumProcesses (in: lpidProcess=0x2908b78, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2908b78, lpcbNeeded=0x1be8f450) returned 1 [0281.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12861048, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0281.437] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0281.437] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0281.437] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0281.437] CoTaskMemFree (pv=0x1c089be0) [0281.555] GetForegroundWindow () returned 0x10080 [0281.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0281.556] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0281.556] CoTaskMemFree (pv=0x1c08a630) [0281.557] GetForegroundWindow () returned 0x10080 [0281.557] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0281.557] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0281.557] CoTaskMemFree (pv=0x1c0895b0) [0281.679] GetForegroundWindow () returned 0x10080 [0281.679] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0281.680] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0281.680] CoTaskMemFree (pv=0x1c089df0) [0281.681] GetForegroundWindow () returned 0x10080 [0281.681] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0281.681] EnumProcesses (in: lpidProcess=0x29617a8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29617a8, lpcbNeeded=0x1be8f450) returned 1 [0281.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0281.682] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0281.682] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0281.682] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0281.682] CoTaskMemFree (pv=0x1c0899d0) [0281.804] GetForegroundWindow () returned 0x100d4 [0281.804] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0281.805] EnumProcesses (in: lpidProcess=0x297f1e8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x297f1e8, lpcbNeeded=0x1be8f460) returned 1 [0281.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0281.806] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0281.807] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0281.807] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0281.808] CoTaskMemFree (pv=0x1c0899d0) [0281.809] GetForegroundWindow () returned 0x10080 [0281.809] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0281.809] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0281.809] CoTaskMemFree (pv=0x1c0895b0) [0281.867] GetForegroundWindow () returned 0x10080 [0281.867] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0281.867] EnumProcesses (in: lpidProcess=0x299cb50, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x299cb50, lpcbNeeded=0x1be8f460) returned 1 [0281.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0281.881] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0281.881] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0281.881] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0281.881] CoTaskMemFree (pv=0x1c088f80) [0281.883] GetForegroundWindow () returned 0x10080 [0281.883] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0281.883] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0281.883] CoTaskMemFree (pv=0x1c0899d0) [0282.008] GetForegroundWindow () returned 0x10080 [0282.008] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0282.008] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0282.008] CoTaskMemFree (pv=0x1c08a630) [0282.009] GetForegroundWindow () returned 0x100d4 [0282.009] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0282.009] EnumProcesses (in: lpidProcess=0x27cc258, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27cc258, lpcbNeeded=0x1be8f450) returned 1 [0282.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0282.013] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.013] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0282.013] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.014] CoTaskMemFree (pv=0x1c089df0) [0282.148] GetForegroundWindow () returned 0x10080 [0282.148] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0282.149] EnumProcesses (in: lpidProcess=0x2824960, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2824960, lpcbNeeded=0x1be8f460) returned 1 [0282.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0282.153] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.153] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0282.153] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0282.153] CoTaskMemFree (pv=0x1c0897c0) [0282.154] GetForegroundWindow () returned 0x10080 [0282.154] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0282.154] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0282.155] CoTaskMemFree (pv=0x1c0895b0) [0282.273] GetForegroundWindow () returned 0x10080 [0282.273] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0282.273] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0282.274] CoTaskMemFree (pv=0x1c0897c0) [0282.275] GetForegroundWindow () returned 0x10080 [0282.275] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0282.275] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0282.275] CoTaskMemFree (pv=0x1c08a210) [0282.416] GetForegroundWindow () returned 0x100d4 [0282.416] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0282.416] EnumProcesses (in: lpidProcess=0x28603f0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28603f0, lpcbNeeded=0x1be8f460) returned 1 [0282.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0282.420] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.420] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0282.420] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.420] CoTaskMemFree (pv=0x1c08aa50) [0282.422] GetForegroundWindow () returned 0x10080 [0282.422] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0282.422] EnumProcesses (in: lpidProcess=0x287d280, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x287d280, lpcbNeeded=0x1be8f450) returned 1 [0282.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0282.435] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.435] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0282.435] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0282.435] CoTaskMemFree (pv=0x1c08aa50) [0282.554] GetForegroundWindow () returned 0x10080 [0282.554] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0282.554] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0282.555] CoTaskMemFree (pv=0x1c089be0) [0282.556] GetForegroundWindow () returned 0x10080 [0282.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0282.556] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0282.556] CoTaskMemFree (pv=0x1c08ac60) [0282.680] GetForegroundWindow () returned 0x10080 [0282.680] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0282.680] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0282.680] CoTaskMemFree (pv=0x1c08aa50) [0282.681] GetForegroundWindow () returned 0x100d4 [0282.682] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0282.682] EnumProcesses (in: lpidProcess=0x27dfbf0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27dfbf0, lpcbNeeded=0x1be8f450) returned 1 [0282.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0282.683] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.684] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0282.684] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.684] CoTaskMemFree (pv=0x1c089df0) [0282.805] GetForegroundWindow () returned 0x10080 [0282.805] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0282.805] EnumProcesses (in: lpidProcess=0x2836790, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2836790, lpcbNeeded=0x1be8f460) returned 1 [0282.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0282.806] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.806] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0282.806] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0282.807] CoTaskMemFree (pv=0x1c0895b0) [0282.808] GetForegroundWindow () returned 0x10080 [0282.808] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0282.808] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0282.808] CoTaskMemFree (pv=0x1c0897c0) [0282.930] GetForegroundWindow () returned 0x10080 [0282.930] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0282.930] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0282.930] CoTaskMemFree (pv=0x1c0893a0) [0282.931] GetForegroundWindow () returned 0x10080 [0282.931] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0282.931] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0282.932] CoTaskMemFree (pv=0x1c08a630) [0283.054] GetForegroundWindow () returned 0x100d4 [0283.055] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0283.055] EnumProcesses (in: lpidProcess=0x2871538, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2871538, lpcbNeeded=0x1be8f460) returned 1 [0283.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0283.056] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0283.056] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0283.056] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0283.057] CoTaskMemFree (pv=0x1c08a000) [0283.058] GetForegroundWindow () returned 0x10080 [0283.058] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0283.058] EnumProcesses (in: lpidProcess=0x288e3c8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x288e3c8, lpcbNeeded=0x1be8f450) returned 1 [0283.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0283.059] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.059] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0283.059] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0283.059] CoTaskMemFree (pv=0x1c0899d0) [0283.180] GetForegroundWindow () returned 0x10080 [0283.180] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0283.180] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0283.180] CoTaskMemFree (pv=0x1c0895b0) [0283.181] GetForegroundWindow () returned 0x10080 [0283.181] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0283.181] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0283.182] CoTaskMemFree (pv=0x1c08a420) [0283.367] GetForegroundWindow () returned 0x10080 [0283.367] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0283.367] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0283.368] CoTaskMemFree (pv=0x1c08ac60) [0283.369] GetForegroundWindow () returned 0x100d4 [0283.369] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0283.369] EnumProcesses (in: lpidProcess=0x28c90e8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c90e8, lpcbNeeded=0x1be8f450) returned 1 [0283.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0283.372] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0283.372] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0283.373] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0283.373] CoTaskMemFree (pv=0x1c0899d0) [0283.508] GetForegroundWindow () returned 0x10080 [0283.508] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0283.508] EnumProcesses (in: lpidProcess=0x291fcd0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x291fcd0, lpcbNeeded=0x1be8f460) returned 1 [0283.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0283.509] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.509] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0283.509] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0283.509] CoTaskMemFree (pv=0x1c088f80) [0283.510] GetForegroundWindow () returned 0x10080 [0283.510] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0283.510] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0283.510] CoTaskMemFree (pv=0x1c0895b0) [0283.633] GetForegroundWindow () returned 0x10080 [0283.633] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0283.633] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0283.633] CoTaskMemFree (pv=0x1c08a000) [0283.634] GetForegroundWindow () returned 0x10080 [0283.634] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0283.634] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0283.635] CoTaskMemFree (pv=0x1c0897c0) [0283.758] GetForegroundWindow () returned 0x100d4 [0283.758] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0283.758] EnumProcesses (in: lpidProcess=0x295aa00, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x295aa00, lpcbNeeded=0x1be8f460) returned 1 [0283.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0283.760] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0283.760] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0283.760] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0283.760] CoTaskMemFree (pv=0x1c089190) [0283.762] GetForegroundWindow () returned 0x10080 [0283.762] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0283.762] EnumProcesses (in: lpidProcess=0x2977890, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2977890, lpcbNeeded=0x1be8f450) returned 1 [0283.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0283.763] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.763] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0283.764] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0283.764] CoTaskMemFree (pv=0x1c08ac60) [0283.899] GetForegroundWindow () returned 0x10080 [0283.899] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0283.899] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0283.900] CoTaskMemFree (pv=0x1c089190) [0283.900] GetForegroundWindow () returned 0x10080 [0283.900] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0283.900] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0283.901] CoTaskMemFree (pv=0x1c089190) [0284.023] GetForegroundWindow () returned 0x10080 [0284.023] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0284.023] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0284.023] CoTaskMemFree (pv=0x1c08ac60) [0284.024] GetForegroundWindow () returned 0x100d4 [0284.024] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0284.025] EnumProcesses (in: lpidProcess=0x27c6d20, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c6d20, lpcbNeeded=0x1be8f450) returned 1 [0284.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0284.028] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.028] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0284.028] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.029] CoTaskMemFree (pv=0x1c0897c0) [0284.148] GetForegroundWindow () returned 0x10080 [0284.148] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0284.148] EnumProcesses (in: lpidProcess=0x281e088, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281e088, lpcbNeeded=0x1be8f460) returned 1 [0284.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0284.152] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.152] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0284.152] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0284.153] CoTaskMemFree (pv=0x1c089be0) [0284.154] GetForegroundWindow () returned 0x10080 [0284.154] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0284.154] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0284.154] CoTaskMemFree (pv=0x1c08a840) [0284.343] GetForegroundWindow () returned 0x10080 [0284.343] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0284.343] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0284.343] CoTaskMemFree (pv=0x1c0899d0) [0284.345] GetForegroundWindow () returned 0x10080 [0284.345] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0284.345] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0284.345] CoTaskMemFree (pv=0x1c0899d0) [0284.462] GetForegroundWindow () returned 0x100d4 [0284.462] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0284.462] EnumProcesses (in: lpidProcess=0x2858db8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2858db8, lpcbNeeded=0x1be8f460) returned 1 [0284.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0284.466] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.466] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0284.466] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.467] CoTaskMemFree (pv=0x1c089190) [0284.468] GetForegroundWindow () returned 0x10080 [0284.468] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0284.468] EnumProcesses (in: lpidProcess=0x2875c48, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2875c48, lpcbNeeded=0x1be8f450) returned 1 [0284.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0284.485] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.485] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0284.485] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0284.486] CoTaskMemFree (pv=0x1c08a000) [0284.612] GetForegroundWindow () returned 0x10080 [0284.612] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0284.612] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0284.613] CoTaskMemFree (pv=0x1c08a000) [0284.614] GetForegroundWindow () returned 0x10080 [0284.614] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0284.614] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0284.614] CoTaskMemFree (pv=0x1c08aa50) [0284.742] GetForegroundWindow () returned 0x10080 [0284.742] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0284.742] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0284.742] CoTaskMemFree (pv=0x1c0893a0) [0284.744] GetForegroundWindow () returned 0x100d4 [0284.744] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0284.744] EnumProcesses (in: lpidProcess=0x27dfbd8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27dfbd8, lpcbNeeded=0x1be8f450) returned 1 [0284.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0284.746] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.746] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0284.746] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.746] CoTaskMemFree (pv=0x1c089df0) [0284.867] GetForegroundWindow () returned 0x10080 [0284.867] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0284.867] EnumProcesses (in: lpidProcess=0x2836778, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2836778, lpcbNeeded=0x1be8f460) returned 1 [0284.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0284.868] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.869] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0284.869] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0284.869] CoTaskMemFree (pv=0x1c08aa50) [0284.870] GetForegroundWindow () returned 0x10080 [0284.870] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0284.870] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0284.870] CoTaskMemFree (pv=0x1c089df0) [0284.930] GetForegroundWindow () returned 0x10080 [0284.930] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0284.930] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0284.930] CoTaskMemFree (pv=0x1c0897c0) [0284.931] GetForegroundWindow () returned 0x10080 [0284.931] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0284.931] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0284.931] CoTaskMemFree (pv=0x1c08a000) [0285.055] GetForegroundWindow () returned 0x100d4 [0285.055] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0285.055] EnumProcesses (in: lpidProcess=0x28543e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28543e0, lpcbNeeded=0x1be8f460) returned 1 [0285.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0285.056] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0285.057] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0285.057] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.057] CoTaskMemFree (pv=0x1c08a210) [0285.058] GetForegroundWindow () returned 0x10080 [0285.058] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0285.058] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0285.058] CoTaskMemFree (pv=0x1c089be0) [0285.195] GetForegroundWindow () returned 0x10080 [0285.196] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0285.196] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0285.196] CoTaskMemFree (pv=0x1c08a000) [0285.197] GetForegroundWindow () returned 0x10080 [0285.197] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0285.198] EnumProcesses (in: lpidProcess=0x28ab4e0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28ab4e0, lpcbNeeded=0x1be8f450) returned 1 [0285.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0285.202] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0285.202] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0285.202] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0285.203] CoTaskMemFree (pv=0x1c089190) [0285.534] GetForegroundWindow () returned 0x10080 [0285.534] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0285.534] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0285.535] CoTaskMemFree (pv=0x1c08a420) [0285.536] GetForegroundWindow () returned 0x100d4 [0285.536] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0285.536] EnumProcesses (in: lpidProcess=0x28c8e30, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c8e30, lpcbNeeded=0x1be8f450) returned 1 [0285.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0285.537] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0285.537] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0285.537] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.538] CoTaskMemFree (pv=0x1c088f80) [0285.691] GetForegroundWindow () returned 0x10080 [0285.691] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0285.691] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0285.691] CoTaskMemFree (pv=0x1c08a630) [0285.692] GetForegroundWindow () returned 0x10080 [0285.692] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0285.692] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0285.693] CoTaskMemFree (pv=0x1c089df0) [0285.816] GetForegroundWindow () returned 0x10080 [0285.816] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0285.816] EnumProcesses (in: lpidProcess=0x2920490, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2920490, lpcbNeeded=0x1be8f460) returned 1 [0285.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0285.817] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0285.817] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0285.817] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0285.818] CoTaskMemFree (pv=0x1c089190) [0285.819] GetForegroundWindow () returned 0x10080 [0285.819] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0285.819] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0285.819] CoTaskMemFree (pv=0x1c0897c0) [0286.004] GetForegroundWindow () returned 0x100d4 [0286.004] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0286.004] EnumProcesses (in: lpidProcess=0x295acd8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x295acd8, lpcbNeeded=0x1be8f460) returned 1 [0286.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0286.005] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0286.006] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0286.006] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0286.006] CoTaskMemFree (pv=0x1c08a840) [0286.007] GetForegroundWindow () returned 0x10080 [0286.007] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0286.007] EnumProcesses (in: lpidProcess=0x2977b68, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2977b68, lpcbNeeded=0x1be8f450) returned 1 [0286.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0286.008] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.008] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0286.008] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0286.009] CoTaskMemFree (pv=0x1c08ac60) [0286.146] GetForegroundWindow () returned 0x10080 [0286.146] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0286.146] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0286.147] CoTaskMemFree (pv=0x1c08a840) [0286.148] GetForegroundWindow () returned 0x10080 [0286.148] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0286.148] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0286.148] CoTaskMemFree (pv=0x1c08a420) [0286.388] GetForegroundWindow () returned 0x10080 [0286.388] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0286.388] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0286.388] CoTaskMemFree (pv=0x1c0895b0) [0286.390] GetForegroundWindow () returned 0x100d4 [0286.390] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0286.391] EnumProcesses (in: lpidProcess=0x27c6f40, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c6f40, lpcbNeeded=0x1be8f450) returned 1 [0286.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0286.407] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0286.407] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0286.407] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0286.408] CoTaskMemFree (pv=0x1c08a210) [0286.548] GetForegroundWindow () returned 0x10080 [0286.548] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0286.548] EnumProcesses (in: lpidProcess=0x281e2b0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281e2b0, lpcbNeeded=0x1be8f460) returned 1 [0286.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0286.553] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.553] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0286.553] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0286.553] CoTaskMemFree (pv=0x1c08aa50) [0286.555] GetForegroundWindow () returned 0x10080 [0286.555] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0286.555] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0286.555] CoTaskMemFree (pv=0x1c0893a0) [0286.678] GetForegroundWindow () returned 0x10080 [0286.678] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0286.678] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0286.679] CoTaskMemFree (pv=0x1c08a000) [0286.680] GetForegroundWindow () returned 0x10080 [0286.680] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0286.680] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0286.680] CoTaskMemFree (pv=0x1c0893a0) [0286.803] GetForegroundWindow () returned 0x100d4 [0286.803] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0286.804] EnumProcesses (in: lpidProcess=0x2858fe0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2858fe0, lpcbNeeded=0x1be8f460) returned 1 [0286.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0286.808] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0286.809] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0286.809] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0286.809] CoTaskMemFree (pv=0x1c08a420) [0286.810] GetForegroundWindow () returned 0x10080 [0286.811] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0286.811] EnumProcesses (in: lpidProcess=0x2875e70, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2875e70, lpcbNeeded=0x1be8f450) returned 1 [0286.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0286.828] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.829] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0286.829] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0286.829] CoTaskMemFree (pv=0x1c089df0) [0286.945] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0286.947] GetForegroundWindow () returned 0x10080 [0286.948] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0286.948] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0286.948] CoTaskMemFree (pv=0x1c08aa50) [0286.949] GetForegroundWindow () returned 0x10080 [0286.949] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0286.949] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0286.949] CoTaskMemFree (pv=0x1c089df0) [0287.069] GetForegroundWindow () returned 0x10080 [0287.069] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0287.069] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0287.070] CoTaskMemFree (pv=0x1c089df0) [0287.071] GetForegroundWindow () returned 0x100d4 [0287.071] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0287.071] EnumProcesses (in: lpidProcess=0x27dfda0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27dfda0, lpcbNeeded=0x1be8f450) returned 1 [0287.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0287.073] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.073] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0287.073] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.073] CoTaskMemFree (pv=0x1c08a210) [0287.194] GetForegroundWindow () returned 0x10080 [0287.194] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0287.194] EnumProcesses (in: lpidProcess=0x2836940, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2836940, lpcbNeeded=0x1be8f460) returned 1 [0287.195] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0287.196] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.196] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0287.196] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0287.196] CoTaskMemFree (pv=0x1c089190) [0287.197] GetForegroundWindow () returned 0x10080 [0287.197] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0287.197] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0287.197] CoTaskMemFree (pv=0x1c08a630) [0287.416] GetForegroundWindow () returned 0x10080 [0287.416] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0287.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0287.417] CoTaskMemFree (pv=0x1c088f80) [0287.418] GetForegroundWindow () returned 0x10080 [0287.418] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0287.418] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0287.418] CoTaskMemFree (pv=0x1c0893a0) [0287.553] GetForegroundWindow () returned 0x100d4 [0287.553] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0287.554] EnumProcesses (in: lpidProcess=0x28716b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28716b8, lpcbNeeded=0x1be8f460) returned 1 [0287.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0287.556] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0287.556] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.556] CoTaskMemFree (pv=0x1c08aa50) [0287.557] GetForegroundWindow () returned 0x10080 [0287.557] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0287.557] EnumProcesses (in: lpidProcess=0x288e548, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x288e548, lpcbNeeded=0x1be8f450) returned 1 [0287.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0287.559] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.559] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0287.559] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0287.559] CoTaskMemFree (pv=0x1c0899d0) [0287.694] GetForegroundWindow () returned 0x10080 [0287.694] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0287.694] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0287.694] CoTaskMemFree (pv=0x1c089df0) [0287.695] GetForegroundWindow () returned 0x10080 [0287.695] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0287.695] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0287.695] CoTaskMemFree (pv=0x1c08ac60) [0287.819] GetForegroundWindow () returned 0x10080 [0287.819] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0287.819] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0287.819] CoTaskMemFree (pv=0x1c088f80) [0287.821] GetForegroundWindow () returned 0x100d4 [0287.821] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0287.821] EnumProcesses (in: lpidProcess=0x28c9268, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c9268, lpcbNeeded=0x1be8f450) returned 1 [0287.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0287.823] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.823] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0287.823] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.823] CoTaskMemFree (pv=0x1c08ac60) [0287.945] GetForegroundWindow () returned 0x10080 [0287.945] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0287.945] EnumProcesses (in: lpidProcess=0x291fe80, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x291fe80, lpcbNeeded=0x1be8f460) returned 1 [0287.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0287.947] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.947] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0287.947] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0287.947] CoTaskMemFree (pv=0x1c08a420) [0287.948] GetForegroundWindow () returned 0x10080 [0287.948] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0287.948] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0287.948] CoTaskMemFree (pv=0x1c089be0) [0288.069] GetForegroundWindow () returned 0x10080 [0288.069] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0288.069] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0288.069] CoTaskMemFree (pv=0x1c0899d0) [0288.070] GetForegroundWindow () returned 0x10080 [0288.070] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0288.070] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0288.071] CoTaskMemFree (pv=0x1c08aa50) [0288.194] GetForegroundWindow () returned 0x100d4 [0288.194] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0288.194] EnumProcesses (in: lpidProcess=0x295abb0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x295abb0, lpcbNeeded=0x1be8f460) returned 1 [0288.195] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0288.196] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0288.196] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0288.196] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0288.196] CoTaskMemFree (pv=0x1c08aa50) [0288.197] GetForegroundWindow () returned 0x10080 [0288.197] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0288.197] EnumProcesses (in: lpidProcess=0x2977a40, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2977a40, lpcbNeeded=0x1be8f450) returned 1 [0288.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0288.199] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0288.199] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0288.199] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0288.199] CoTaskMemFree (pv=0x1c08aa50) [0288.491] GetForegroundWindow () returned 0x10080 [0288.491] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0288.491] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0288.492] CoTaskMemFree (pv=0x1c0899d0) [0288.493] GetForegroundWindow () returned 0x10080 [0288.493] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0288.493] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0288.493] CoTaskMemFree (pv=0x1c0893a0) [0288.626] GetForegroundWindow () returned 0x10080 [0288.626] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0288.626] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0288.627] CoTaskMemFree (pv=0x1c08aa50) [0288.628] GetForegroundWindow () returned 0x100d4 [0288.628] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0288.628] EnumProcesses (in: lpidProcess=0x27c6e78, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c6e78, lpcbNeeded=0x1be8f450) returned 1 [0288.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf058) returned 0x0 [0288.633] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0288.633] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0288.633] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0288.633] CoTaskMemFree (pv=0x1c088f80) [0288.799] GetForegroundWindow () returned 0x10080 [0288.799] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0288.800] EnumProcesses (in: lpidProcess=0x281e3d0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x281e3d0, lpcbNeeded=0x1be8f460) returned 1 [0288.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf0a8) returned 0x0 [0288.805] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0288.805] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0288.805] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0288.806] CoTaskMemFree (pv=0x1c0893a0) [0288.807] GetForegroundWindow () returned 0x10080 [0288.807] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0288.807] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0288.807] CoTaskMemFree (pv=0x1c0895b0) [0288.945] GetForegroundWindow () returned 0x10080 [0288.945] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0288.945] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0288.945] CoTaskMemFree (pv=0x1c0895b0) [0288.946] GetForegroundWindow () returned 0x10080 [0288.946] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0288.946] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0288.946] CoTaskMemFree (pv=0x1c089df0) [0289.468] GetForegroundWindow () returned 0x100d4 [0289.468] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0289.468] EnumProcesses (in: lpidProcess=0x28594e8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28594e8, lpcbNeeded=0x1be8f460) returned 1 [0289.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0289.473] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0289.473] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0289.473] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0289.473] CoTaskMemFree (pv=0x1c0895b0) [0289.474] GetForegroundWindow () returned 0x10080 [0289.474] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0289.475] EnumProcesses (in: lpidProcess=0x2876898, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2876898, lpcbNeeded=0x1be8f450) returned 1 [0289.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0289.491] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0289.492] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0289.492] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0289.492] CoTaskMemFree (pv=0x1c0899d0) [0289.605] GetForegroundWindow () returned 0x10080 [0289.606] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0289.606] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0289.606] CoTaskMemFree (pv=0x1c08a420) [0289.607] GetForegroundWindow () returned 0x10080 [0289.607] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0289.607] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0289.607] CoTaskMemFree (pv=0x1c089190) [0290.429] GetForegroundWindow () returned 0x10080 [0290.429] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0290.429] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0290.429] CoTaskMemFree (pv=0x1c08ac60) [0290.430] GetForegroundWindow () returned 0x100d4 [0290.430] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0290.430] EnumProcesses (in: lpidProcess=0x27e06a8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e06a8, lpcbNeeded=0x1be8f450) returned 1 [0290.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0290.432] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0290.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0290.432] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0290.432] CoTaskMemFree (pv=0x1c08a210) [0290.580] GetForegroundWindow () returned 0x10080 [0290.580] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0290.580] EnumProcesses (in: lpidProcess=0x2838420, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2838420, lpcbNeeded=0x1be8f460) returned 1 [0290.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0290.587] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0290.587] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0290.587] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0290.588] CoTaskMemFree (pv=0x1c08aa50) [0290.589] GetForegroundWindow () returned 0x10080 [0290.590] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0290.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0290.591] CoTaskMemFree (pv=0x1c08ac60) [0290.728] GetForegroundWindow () returned 0x10080 [0290.729] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0290.729] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0290.729] CoTaskMemFree (pv=0x1c08aa50) [0290.731] GetForegroundWindow () returned 0x10080 [0290.731] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0290.731] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0290.731] CoTaskMemFree (pv=0x1c0893a0) [0290.875] GetForegroundWindow () returned 0x100d4 [0290.875] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0290.875] EnumProcesses (in: lpidProcess=0x2874208, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2874208, lpcbNeeded=0x1be8f460) returned 1 [0290.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xf2d8) returned 0x0 [0290.877] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0290.877] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0290.877] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0290.877] CoTaskMemFree (pv=0x1c08a210) [0290.879] GetForegroundWindow () returned 0x10080 [0290.879] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0290.879] EnumProcesses (in: lpidProcess=0x28915b8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28915b8, lpcbNeeded=0x1be8f450) returned 1 [0290.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf2d8) returned 0x0 [0290.880] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0290.881] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0290.881] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0290.881] CoTaskMemFree (pv=0x1c08aa50) [0291.374] GetForegroundWindow () returned 0x10080 [0291.374] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0291.374] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0291.397] CoTaskMemFree (pv=0x1c089be0) [0291.399] GetForegroundWindow () returned 0x10080 [0291.399] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0291.399] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0291.399] CoTaskMemFree (pv=0x1c089190) [0292.331] GetForegroundWindow () returned 0x10080 [0292.331] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0292.331] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0292.331] CoTaskMemFree (pv=0x1c08a210) [0292.332] GetForegroundWindow () returned 0x100d4 [0292.332] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0292.332] EnumProcesses (in: lpidProcess=0x28ccf28, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28ccf28, lpcbNeeded=0x1be8f450) returned 1 [0292.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0292.334] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0292.334] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0292.334] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0292.334] CoTaskMemFree (pv=0x1c0893a0) [0292.469] GetForegroundWindow () returned 0x10080 [0292.469] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0292.469] EnumProcesses (in: lpidProcess=0x2924518, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2924518, lpcbNeeded=0x1be8f460) returned 1 [0292.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf1e8) returned 0x0 [0292.471] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0292.471] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0292.471] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0292.471] CoTaskMemFree (pv=0x1c08a420) [0292.472] GetForegroundWindow () returned 0x10080 [0292.472] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0292.472] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0292.472] CoTaskMemFree (pv=0x1c08ac60) [0292.594] GetForegroundWindow () returned 0x10080 [0292.594] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0292.594] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0292.595] CoTaskMemFree (pv=0x1c089be0) [0292.596] GetForegroundWindow () returned 0x10080 [0292.596] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0292.596] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0292.596] CoTaskMemFree (pv=0x1c0893a0) [0292.735] GetForegroundWindow () returned 0x100d4 [0292.735] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0292.735] EnumProcesses (in: lpidProcess=0x295f928, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x295f928, lpcbNeeded=0x1be8f460) returned 1 [0292.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xf1e8) returned 0x0 [0292.737] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0292.737] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0292.738] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0292.738] CoTaskMemFree (pv=0x1c08aa50) [0292.739] GetForegroundWindow () returned 0x10080 [0292.739] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0292.739] EnumProcesses (in: lpidProcess=0x297cb28, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x297cb28, lpcbNeeded=0x1be8f450) returned 1 [0292.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0292.741] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0292.741] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0292.741] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0292.741] CoTaskMemFree (pv=0x1c08aa50) [0292.892] GetForegroundWindow () returned 0x10080 [0292.892] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0292.892] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0292.892] CoTaskMemFree (pv=0x1c089df0) [0292.894] GetForegroundWindow () returned 0x10080 [0292.894] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0292.894] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0292.894] CoTaskMemFree (pv=0x1c089be0) [0293.016] GetForegroundWindow () returned 0x10080 [0293.016] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0293.016] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0293.016] CoTaskMemFree (pv=0x1c088f80) [0293.017] GetForegroundWindow () returned 0x100d4 [0293.017] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0293.018] EnumProcesses (in: lpidProcess=0x27ca760, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27ca760, lpcbNeeded=0x1be8f450) returned 1 [0293.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0293.022] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0293.022] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0293.022] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0293.023] CoTaskMemFree (pv=0x1c08a210) [0293.080] GetForegroundWindow () returned 0x10080 [0293.080] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0293.080] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0293.080] CoTaskMemFree (pv=0x1c0899d0) [0293.081] GetForegroundWindow () returned 0x10080 [0293.082] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0293.082] EnumProcesses (in: lpidProcess=0x27e8458, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e8458, lpcbNeeded=0x1be8f450) returned 1 [0293.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0293.087] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0293.087] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0293.087] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0293.088] CoTaskMemFree (pv=0x1c088f80) [0293.235] GetForegroundWindow () returned 0x10080 [0293.235] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0293.235] EnumProcesses (in: lpidProcess=0x2822af8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2822af8, lpcbNeeded=0x1be8f460) returned 1 [0293.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf1e8) returned 0x0 [0293.241] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0293.241] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0293.241] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0293.241] CoTaskMemFree (pv=0x1c08aa50) [0293.243] GetForegroundWindow () returned 0x10080 [0293.243] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0293.243] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0293.243] CoTaskMemFree (pv=0x1c089be0) [0293.516] GetForegroundWindow () returned 0x100d4 [0293.516] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0293.516] EnumProcesses (in: lpidProcess=0x28404f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28404f8, lpcbNeeded=0x1be8f460) returned 1 [0293.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f400*=0xf198) returned 0x0 [0293.521] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0293.521] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0293.521] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0293.522] CoTaskMemFree (pv=0x1c08a420) [0293.523] GetForegroundWindow () returned 0x10080 [0293.523] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0293.523] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0293.523] CoTaskMemFree (pv=0x1c0899d0) [0293.672] GetForegroundWindow () returned 0x10080 [0293.672] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0293.672] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0293.672] CoTaskMemFree (pv=0x1c08ac60) [0293.674] GetForegroundWindow () returned 0x10080 [0293.674] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0293.674] EnumProcesses (in: lpidProcess=0x27c1988, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c1988, lpcbNeeded=0x1be8f450) returned 1 [0293.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0293.676] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0293.676] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0293.676] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0293.676] CoTaskMemFree (pv=0x1c089df0) [0293.799] GetForegroundWindow () returned 0x10080 [0293.799] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0293.799] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0293.799] CoTaskMemFree (pv=0x1c089be0) [0293.800] GetForegroundWindow () returned 0x100d4 [0293.800] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0293.801] EnumProcesses (in: lpidProcess=0x27dfaa8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27dfaa8, lpcbNeeded=0x1be8f450) returned 1 [0293.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf198) returned 0x0 [0293.802] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0293.802] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0293.802] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0293.803] CoTaskMemFree (pv=0x1c088f80) [0293.938] GetForegroundWindow () returned 0x10080 [0293.938] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0293.938] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0293.938] CoTaskMemFree (pv=0x1c089df0) [0293.940] GetForegroundWindow () returned 0x10080 [0293.940] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0293.940] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0293.940] CoTaskMemFree (pv=0x1c08aa50) [0294.064] GetForegroundWindow () returned 0x10080 [0294.064] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0294.064] EnumProcesses (in: lpidProcess=0x2837990, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2837990, lpcbNeeded=0x1be8f460) returned 1 [0294.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf148) returned 0x0 [0294.067] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0294.067] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0294.067] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0294.067] CoTaskMemFree (pv=0x1c08a000) [0294.068] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x22f92)) returned 1 [0294.069] GetForegroundWindow () returned 0x10080 [0294.069] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0294.069] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0294.069] CoTaskMemFree (pv=0x1c08a630) [0294.191] GetForegroundWindow () returned 0x100d4 [0294.191] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0294.191] EnumProcesses (in: lpidProcess=0x28552b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28552b8, lpcbNeeded=0x1be8f460) returned 1 [0294.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f400*=0xf148) returned 0x0 [0294.194] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0294.194] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0294.194] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0294.194] CoTaskMemFree (pv=0x1c08aa50) [0294.195] GetForegroundWindow () returned 0x10080 [0294.195] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0294.195] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0294.196] CoTaskMemFree (pv=0x1c0893a0) [0294.392] GetForegroundWindow () returned 0x10080 [0294.392] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0294.392] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0294.393] CoTaskMemFree (pv=0x1c089df0) [0294.394] GetForegroundWindow () returned 0x10080 [0294.394] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0294.394] EnumProcesses (in: lpidProcess=0x28acaa8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28acaa8, lpcbNeeded=0x1be8f450) returned 1 [0294.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f3f0*=0xf0f8) returned 0x0 [0294.397] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0294.397] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0294.397] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0294.397] CoTaskMemFree (pv=0x1c08a210) [0294.531] GetForegroundWindow () returned 0x10080 [0294.531] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0294.531] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0294.532] CoTaskMemFree (pv=0x1c0899d0) [0294.533] GetForegroundWindow () returned 0x100d4 [0294.533] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0294.533] EnumProcesses (in: lpidProcess=0x28ca2f8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28ca2f8, lpcbNeeded=0x1be8f450) returned 1 [0294.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xf0f8) returned 0x0 [0294.536] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0294.536] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0294.536] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0294.536] CoTaskMemFree (pv=0x1c0899d0) [0294.656] GetForegroundWindow () returned 0x10080 [0294.656] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0294.656] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0294.656] CoTaskMemFree (pv=0x1c08a630) [0294.658] GetForegroundWindow () returned 0x10080 [0294.658] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0294.658] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0294.658] CoTaskMemFree (pv=0x1c0895b0) [0294.781] GetForegroundWindow () returned 0x10080 [0294.781] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0294.781] EnumProcesses (in: lpidProcess=0x2921e98, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2921e98, lpcbNeeded=0x1be8f460) returned 1 [0294.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf0f8) returned 0x0 [0294.784] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0294.784] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0294.784] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0294.784] CoTaskMemFree (pv=0x1c08aa50) [0294.785] GetForegroundWindow () returned 0x10080 [0294.785] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0294.785] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0294.786] CoTaskMemFree (pv=0x1c08ac60) [0295.007] GetForegroundWindow () returned 0x100d4 [0295.008] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0295.008] EnumProcesses (in: lpidProcess=0x2941758, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2941758, lpcbNeeded=0x1be8f460) returned 1 [0295.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f400*=0xf058) returned 0x0 [0295.010] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.010] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0295.010] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.010] CoTaskMemFree (pv=0x1c089190) [0295.012] GetForegroundWindow () returned 0x10080 [0295.012] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0295.012] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0295.012] CoTaskMemFree (pv=0x1c0897c0) [0295.174] GetForegroundWindow () returned 0x10080 [0295.175] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0295.175] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0295.175] CoTaskMemFree (pv=0x1c08a420) [0295.176] GetForegroundWindow () returned 0x10080 [0295.176] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0295.176] EnumProcesses (in: lpidProcess=0x29992f8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x29992f8, lpcbNeeded=0x1be8f450) returned 1 [0295.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f3f0*=0xf008) returned 0x0 [0295.189] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.190] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.190] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0295.190] CoTaskMemFree (pv=0x1c08aa50) [0295.328] GetForegroundWindow () returned 0x10080 [0295.328] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0295.328] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0295.328] CoTaskMemFree (pv=0x1c08a840) [0295.329] GetForegroundWindow () returned 0x100d4 [0295.330] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0295.330] EnumProcesses (in: lpidProcess=0x27c9850, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c9850, lpcbNeeded=0x1be8f450) returned 1 [0295.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xf008) returned 0x0 [0295.333] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.334] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.334] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.334] CoTaskMemFree (pv=0x1c08aa50) [0295.524] GetForegroundWindow () returned 0x10080 [0295.524] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.524] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0295.524] CoTaskMemFree (pv=0x1c08aa50) [0295.525] GetForegroundWindow () returned 0x10080 [0295.526] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0295.526] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0295.526] CoTaskMemFree (pv=0x1c08a840) [0295.662] GetForegroundWindow () returned 0x10080 [0295.662] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0295.662] EnumProcesses (in: lpidProcess=0x2821a90, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2821a90, lpcbNeeded=0x1be8f460) returned 1 [0295.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xf148) returned 0x0 [0295.665] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.665] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0295.666] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0295.666] CoTaskMemFree (pv=0x1c089be0) [0295.667] GetForegroundWindow () returned 0x10080 [0295.667] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0295.667] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0295.667] CoTaskMemFree (pv=0x1c08a420) [0295.784] GetForegroundWindow () returned 0x100d4 [0295.784] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0295.784] EnumProcesses (in: lpidProcess=0x283f1b0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x283f1b0, lpcbNeeded=0x1be8f460) returned 1 [0295.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f400*=0xf1e8) returned 0x0 [0295.788] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.788] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0295.788] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.788] CoTaskMemFree (pv=0x1c089190) [0295.789] GetForegroundWindow () returned 0x10080 [0295.789] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0295.789] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0295.789] CoTaskMemFree (pv=0x1c08a000) [0295.954] GetForegroundWindow () returned 0x10080 [0295.954] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0295.954] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0295.955] CoTaskMemFree (pv=0x1c0893a0) [0295.956] GetForegroundWindow () returned 0x10080 [0295.960] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0295.960] EnumProcesses (in: lpidProcess=0x27c1cc8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c1cc8, lpcbNeeded=0x1be8f450) returned 1 [0295.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0295.962] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.962] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0295.962] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0295.962] CoTaskMemFree (pv=0x1c089df0) [0296.064] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x22f92)) returned 1 [0296.159] GetForegroundWindow () returned 0x10080 [0296.159] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0296.159] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0296.159] CoTaskMemFree (pv=0x1c0895b0) [0296.160] GetForegroundWindow () returned 0x100d4 [0296.160] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0296.161] EnumProcesses (in: lpidProcess=0x27e02c8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27e02c8, lpcbNeeded=0x1be8f450) returned 1 [0296.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xf1e8) returned 0x0 [0296.163] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.163] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0296.163] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.163] CoTaskMemFree (pv=0x1c08a210) [0296.283] GetForegroundWindow () returned 0x10080 [0296.283] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0296.283] EnumProcesses (in: lpidProcess=0x2837378, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2837378, lpcbNeeded=0x1be8f460) returned 1 [0296.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf1e8) returned 0x0 [0296.285] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.286] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0296.286] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0296.286] CoTaskMemFree (pv=0x1c08aa50) [0296.287] GetForegroundWindow () returned 0x10080 [0296.287] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0296.287] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0296.287] CoTaskMemFree (pv=0x1c089be0) [0296.408] GetForegroundWindow () returned 0x10080 [0296.408] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0296.408] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0296.409] CoTaskMemFree (pv=0x1c08aa50) [0296.410] GetForegroundWindow () returned 0x10080 [0296.410] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0296.410] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0296.410] CoTaskMemFree (pv=0x1c0897c0) [0296.547] GetForegroundWindow () returned 0x100d4 [0296.547] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0296.547] EnumProcesses (in: lpidProcess=0x2871a60, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2871a60, lpcbNeeded=0x1be8f460) returned 1 [0296.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0296.549] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.549] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0296.549] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.549] CoTaskMemFree (pv=0x1c08a420) [0296.550] GetForegroundWindow () returned 0x10080 [0296.550] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0296.550] EnumProcesses (in: lpidProcess=0x288e0f8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x288e0f8, lpcbNeeded=0x1be8f450) returned 1 [0296.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0296.551] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.551] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0296.551] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0296.551] CoTaskMemFree (pv=0x1c0897c0) [0296.685] GetForegroundWindow () returned 0x10080 [0296.685] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0296.685] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0296.685] CoTaskMemFree (pv=0x1c08a210) [0296.686] GetForegroundWindow () returned 0x10080 [0296.686] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0296.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0296.687] CoTaskMemFree (pv=0x1c0893a0) [0296.810] GetForegroundWindow () returned 0x10080 [0296.810] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0296.810] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0296.810] CoTaskMemFree (pv=0x1c08a210) [0296.811] GetForegroundWindow () returned 0x100d4 [0296.812] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0296.812] EnumProcesses (in: lpidProcess=0x28c7e28, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c7e28, lpcbNeeded=0x1be8f450) returned 1 [0296.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0296.813] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.813] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0296.813] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.813] CoTaskMemFree (pv=0x1c08a630) [0296.935] GetForegroundWindow () returned 0x10080 [0296.935] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0296.935] EnumProcesses (in: lpidProcess=0x291d1e0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x291d1e0, lpcbNeeded=0x1be8f460) returned 1 [0296.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0296.937] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.937] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0296.937] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0296.937] CoTaskMemFree (pv=0x1c08a630) [0296.938] GetForegroundWindow () returned 0x10080 [0296.938] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0296.938] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0296.938] CoTaskMemFree (pv=0x1c08a420) [0297.060] GetForegroundWindow () returned 0x10080 [0297.060] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0297.060] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0297.061] CoTaskMemFree (pv=0x1c08a000) [0297.062] GetForegroundWindow () returned 0x10080 [0297.062] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0297.062] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0297.062] CoTaskMemFree (pv=0x1c08ac60) [0297.201] GetForegroundWindow () returned 0x100d4 [0297.201] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0297.201] EnumProcesses (in: lpidProcess=0x29570e8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x29570e8, lpcbNeeded=0x1be8f460) returned 1 [0297.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0297.202] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.203] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0297.203] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.203] CoTaskMemFree (pv=0x1c08a420) [0297.204] GetForegroundWindow () returned 0x10080 [0297.204] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0297.204] EnumProcesses (in: lpidProcess=0x2973780, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2973780, lpcbNeeded=0x1be8f450) returned 1 [0297.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0297.205] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.205] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0297.205] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0297.205] CoTaskMemFree (pv=0x1c088f80) [0297.342] GetForegroundWindow () returned 0x10080 [0297.342] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0297.342] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0297.342] CoTaskMemFree (pv=0x1c08a000) [0297.344] GetForegroundWindow () returned 0x10080 [0297.344] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0297.344] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0297.344] CoTaskMemFree (pv=0x1c0893a0) [0297.467] GetForegroundWindow () returned 0x10080 [0297.467] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0297.467] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0297.467] CoTaskMemFree (pv=0x1c08a000) [0297.468] GetForegroundWindow () returned 0x100d4 [0297.468] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0297.468] EnumProcesses (in: lpidProcess=0x27c34d8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c34d8, lpcbNeeded=0x1be8f450) returned 1 [0297.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0297.471] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.471] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0297.471] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.472] CoTaskMemFree (pv=0x1c08aa50) [0297.592] GetForegroundWindow () returned 0x10080 [0297.592] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0297.592] EnumProcesses (in: lpidProcess=0x2819068, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2819068, lpcbNeeded=0x1be8f460) returned 1 [0297.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0297.594] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.595] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0297.595] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0297.595] CoTaskMemFree (pv=0x1c0893a0) [0297.596] GetForegroundWindow () returned 0x10080 [0297.596] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0297.596] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0297.596] CoTaskMemFree (pv=0x1c089df0) [0297.732] GetForegroundWindow () returned 0x10080 [0297.732] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0297.732] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0297.733] CoTaskMemFree (pv=0x1c08a420) [0297.734] GetForegroundWindow () returned 0x10080 [0297.734] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0297.734] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0297.734] CoTaskMemFree (pv=0x1c088f80) [0297.857] GetForegroundWindow () returned 0x100d4 [0297.857] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0297.857] EnumProcesses (in: lpidProcess=0x2852da8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2852da8, lpcbNeeded=0x1be8f460) returned 1 [0297.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0297.861] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.861] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0297.861] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.861] CoTaskMemFree (pv=0x1c08a210) [0297.863] GetForegroundWindow () returned 0x10080 [0297.863] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0297.863] EnumProcesses (in: lpidProcess=0x286f440, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x286f440, lpcbNeeded=0x1be8f450) returned 1 [0297.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0297.887] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.887] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0297.887] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0297.888] CoTaskMemFree (pv=0x1c089df0) [0298.014] GetForegroundWindow () returned 0x10080 [0298.014] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0298.014] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0298.014] CoTaskMemFree (pv=0x1c0895b0) [0298.015] GetForegroundWindow () returned 0x10080 [0298.015] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0298.015] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0298.016] CoTaskMemFree (pv=0x1c0893a0) [0298.140] GetForegroundWindow () returned 0x10080 [0298.140] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0298.140] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0298.140] CoTaskMemFree (pv=0x1c089be0) [0298.141] GetForegroundWindow () returned 0x100d4 [0298.141] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0298.141] EnumProcesses (in: lpidProcess=0x27def98, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27def98, lpcbNeeded=0x1be8f450) returned 1 [0298.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0298.143] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.143] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0298.143] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.143] CoTaskMemFree (pv=0x1c08a630) [0298.279] GetForegroundWindow () returned 0x10080 [0298.279] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0298.279] EnumProcesses (in: lpidProcess=0x2834350, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2834350, lpcbNeeded=0x1be8f460) returned 1 [0298.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0298.281] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.281] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0298.281] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0298.282] CoTaskMemFree (pv=0x1c08a630) [0298.283] GetForegroundWindow () returned 0x10080 [0298.283] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0298.283] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0298.283] CoTaskMemFree (pv=0x1c08a420) [0298.404] GetForegroundWindow () returned 0x10080 [0298.404] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0298.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0298.404] CoTaskMemFree (pv=0x1c08a210) [0298.406] GetForegroundWindow () returned 0x10080 [0298.406] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0298.406] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0298.406] CoTaskMemFree (pv=0x1c0897c0) [0298.529] GetForegroundWindow () returned 0x100d4 [0298.529] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0298.530] EnumProcesses (in: lpidProcess=0x286e090, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x286e090, lpcbNeeded=0x1be8f460) returned 1 [0298.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0298.531] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.532] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0298.532] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.532] CoTaskMemFree (pv=0x1c08aa50) [0298.533] GetForegroundWindow () returned 0x10080 [0298.533] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0298.533] EnumProcesses (in: lpidProcess=0x288a728, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x288a728, lpcbNeeded=0x1be8f450) returned 1 [0298.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0298.535] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.535] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0298.535] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0298.535] CoTaskMemFree (pv=0x1c08a420) [0298.685] GetForegroundWindow () returned 0x10080 [0298.685] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0298.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0298.686] CoTaskMemFree (pv=0x1c08a210) [0298.687] GetForegroundWindow () returned 0x10080 [0298.687] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0298.687] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0298.687] CoTaskMemFree (pv=0x1c08aa50) [0298.810] GetForegroundWindow () returned 0x10080 [0298.810] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0298.810] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0298.810] CoTaskMemFree (pv=0x1c0897c0) [0298.811] GetForegroundWindow () returned 0x100d4 [0298.811] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0298.812] EnumProcesses (in: lpidProcess=0x28c4ad0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c4ad0, lpcbNeeded=0x1be8f450) returned 1 [0298.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0298.813] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.813] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0298.813] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.813] CoTaskMemFree (pv=0x1c089190) [0298.935] GetForegroundWindow () returned 0x10080 [0298.935] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0298.935] EnumProcesses (in: lpidProcess=0x2919e88, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2919e88, lpcbNeeded=0x1be8f460) returned 1 [0298.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0298.937] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.937] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0298.937] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0298.937] CoTaskMemFree (pv=0x1c0897c0) [0298.939] GetForegroundWindow () returned 0x10080 [0298.939] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0298.939] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0298.939] CoTaskMemFree (pv=0x1c089be0) [0299.060] GetForegroundWindow () returned 0x10080 [0299.060] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0299.061] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0299.061] CoTaskMemFree (pv=0x1c08a840) [0299.062] GetForegroundWindow () returned 0x10080 [0299.062] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0299.062] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0299.062] CoTaskMemFree (pv=0x1c0893a0) [0299.248] GetForegroundWindow () returned 0x100d4 [0299.248] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0299.248] EnumProcesses (in: lpidProcess=0x2970578, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2970578, lpcbNeeded=0x1be8f460) returned 1 [0299.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0299.249] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.250] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0299.250] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.250] CoTaskMemFree (pv=0x1c08a000) [0299.251] GetForegroundWindow () returned 0x10080 [0299.251] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0299.251] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0299.251] CoTaskMemFree (pv=0x1c08ac60) [0299.388] GetForegroundWindow () returned 0x10080 [0299.388] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0299.388] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0299.389] CoTaskMemFree (pv=0x1c08a630) [0299.390] GetForegroundWindow () returned 0x10080 [0299.390] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0299.390] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0299.390] CoTaskMemFree (pv=0x1c089df0) [0299.513] GetForegroundWindow () returned 0x10080 [0299.513] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0299.514] EnumProcesses (in: lpidProcess=0x27de178, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27de178, lpcbNeeded=0x1be8f460) returned 1 [0299.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0299.517] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.517] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0299.517] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0299.517] CoTaskMemFree (pv=0x1c089be0) [0299.518] GetForegroundWindow () returned 0x100d4 [0299.518] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0299.518] EnumProcesses (in: lpidProcess=0x27fa800, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27fa800, lpcbNeeded=0x1be8f450) returned 1 [0299.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0299.521] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.521] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0299.521] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.522] CoTaskMemFree (pv=0x1c08a000) [0299.639] GetForegroundWindow () returned 0x10080 [0299.639] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0299.639] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0299.639] CoTaskMemFree (pv=0x1c08a210) [0299.641] GetForegroundWindow () returned 0x10080 [0299.641] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0299.641] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0299.641] CoTaskMemFree (pv=0x1c0893a0) [0299.764] GetForegroundWindow () returned 0x10080 [0299.764] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0299.764] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0299.764] CoTaskMemFree (pv=0x1c08a630) [0299.765] GetForegroundWindow () returned 0x10080 [0299.766] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0299.766] EnumProcesses (in: lpidProcess=0x2850928, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2850928, lpcbNeeded=0x1be8f450) returned 1 [0299.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0299.769] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.769] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0299.769] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0299.769] CoTaskMemFree (pv=0x1c08a210) [0299.889] GetForegroundWindow () returned 0x100d4 [0299.889] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0299.889] EnumProcesses (in: lpidProcess=0x286d510, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x286d510, lpcbNeeded=0x1be8f460) returned 1 [0299.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0299.906] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.906] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0299.906] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.906] CoTaskMemFree (pv=0x1c089be0) [0299.907] GetForegroundWindow () returned 0x10080 [0299.907] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0299.907] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0299.908] CoTaskMemFree (pv=0x1c088f80) [0300.029] GetForegroundWindow () returned 0x10080 [0300.030] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.030] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.030] CoTaskMemFree (pv=0x1c08a210) [0300.031] GetForegroundWindow () returned 0x10080 [0300.031] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0300.031] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0300.031] CoTaskMemFree (pv=0x1c08ac60) [0300.156] GetForegroundWindow () returned 0x10080 [0300.156] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0300.156] EnumProcesses (in: lpidProcess=0x27fb3a0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fb3a0, lpcbNeeded=0x1be8f460) returned 1 [0300.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0300.158] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.158] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0300.158] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0300.158] CoTaskMemFree (pv=0x1c089df0) [0300.159] GetForegroundWindow () returned 0x100d4 [0300.159] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0300.159] EnumProcesses (in: lpidProcess=0x2817a28, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2817a28, lpcbNeeded=0x1be8f450) returned 1 [0300.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0300.160] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.160] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0300.160] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.161] CoTaskMemFree (pv=0x1c0897c0) [0300.295] GetForegroundWindow () returned 0x10080 [0300.295] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.295] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.296] CoTaskMemFree (pv=0x1c08a210) [0300.297] GetForegroundWindow () returned 0x10080 [0300.297] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0300.297] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0300.297] CoTaskMemFree (pv=0x1c0899d0) [0300.420] GetForegroundWindow () returned 0x10080 [0300.420] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0300.420] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0300.421] CoTaskMemFree (pv=0x1c089190) [0300.422] GetForegroundWindow () returned 0x10080 [0300.422] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0300.422] EnumProcesses (in: lpidProcess=0x286db50, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x286db50, lpcbNeeded=0x1be8f450) returned 1 [0300.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0300.424] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.424] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0300.424] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0300.424] CoTaskMemFree (pv=0x1c089be0) [0300.546] GetForegroundWindow () returned 0x100d4 [0300.546] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0300.546] EnumProcesses (in: lpidProcess=0x288a9b0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x288a9b0, lpcbNeeded=0x1be8f460) returned 1 [0300.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0300.550] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.550] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0300.550] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.550] CoTaskMemFree (pv=0x1c08a840) [0300.551] GetForegroundWindow () returned 0x10080 [0300.551] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0300.551] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0300.551] CoTaskMemFree (pv=0x1c0893a0) [0300.687] GetForegroundWindow () returned 0x10080 [0300.687] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0300.687] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0300.687] CoTaskMemFree (pv=0x1c088f80) [0300.688] GetForegroundWindow () returned 0x10080 [0300.688] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0300.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0300.688] CoTaskMemFree (pv=0x1c08a630) [0300.816] GetForegroundWindow () returned 0x10080 [0300.816] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0300.816] EnumProcesses (in: lpidProcess=0x28e0ad8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28e0ad8, lpcbNeeded=0x1be8f460) returned 1 [0300.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0300.818] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.818] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.818] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.818] CoTaskMemFree (pv=0x1c08a210) [0300.819] GetForegroundWindow () returned 0x100d4 [0300.820] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0300.820] EnumProcesses (in: lpidProcess=0x28fd160, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28fd160, lpcbNeeded=0x1be8f450) returned 1 [0300.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12861048, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0300.821] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.821] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0300.821] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.821] CoTaskMemFree (pv=0x1c088f80) [0300.937] GetForegroundWindow () returned 0x10080 [0300.937] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.937] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.937] CoTaskMemFree (pv=0x1c08a210) [0300.940] GetForegroundWindow () returned 0x10080 [0300.941] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0300.941] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0300.941] CoTaskMemFree (pv=0x1c0893a0) [0301.063] GetForegroundWindow () returned 0x10080 [0301.063] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0301.063] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0301.064] CoTaskMemFree (pv=0x1c08aa50) [0301.064] GetForegroundWindow () returned 0x10080 [0301.064] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0301.065] EnumProcesses (in: lpidProcess=0x2953288, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2953288, lpcbNeeded=0x1be8f450) returned 1 [0301.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f3f0*=0xec18) returned 0x0 [0301.066] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0301.066] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0301.066] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0301.066] CoTaskMemFree (pv=0x1c08a840) [0301.265] GetForegroundWindow () returned 0x100d4 [0301.265] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0301.265] EnumProcesses (in: lpidProcess=0x2970448, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2970448, lpcbNeeded=0x1be8f460) returned 1 [0301.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f400*=0xec18) returned 0x0 [0301.266] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0301.267] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0301.267] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.267] CoTaskMemFree (pv=0x1c089190) [0301.268] GetForegroundWindow () returned 0x10080 [0301.268] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0301.268] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0301.268] CoTaskMemFree (pv=0x1c08aa50) [0301.391] GetForegroundWindow () returned 0x10080 [0301.391] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0301.392] EnumProcesses (in: lpidProcess=0x298d300, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x298d300, lpcbNeeded=0x1be8f460) returned 1 [0301.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0301.401] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0301.401] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0301.401] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0301.401] CoTaskMemFree (pv=0x1c0895b0) [0301.402] GetForegroundWindow () returned 0x10080 [0301.402] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0301.402] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0301.403] CoTaskMemFree (pv=0x1c08a630) [0301.532] GetForegroundWindow () returned 0x10080 [0301.532] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0301.532] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0301.532] CoTaskMemFree (pv=0x1c08aa50) [0301.533] GetForegroundWindow () returned 0x100d4 [0301.534] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0301.534] EnumProcesses (in: lpidProcess=0x27c13e0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c13e0, lpcbNeeded=0x1be8f450) returned 1 [0301.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0301.537] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0301.537] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0301.537] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.537] CoTaskMemFree (pv=0x1c08a210) [0301.656] GetForegroundWindow () returned 0x10080 [0301.656] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0301.656] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0301.656] CoTaskMemFree (pv=0x1c08a000) [0301.657] GetForegroundWindow () returned 0x10080 [0301.658] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0301.658] EnumProcesses (in: lpidProcess=0x27de928, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27de928, lpcbNeeded=0x1be8f450) returned 1 [0301.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0301.661] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0301.661] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0301.661] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0301.661] CoTaskMemFree (pv=0x1c08a840) [0301.785] GetForegroundWindow () returned 0x10080 [0301.785] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0301.786] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0301.786] CoTaskMemFree (pv=0x1c08a420) [0301.788] GetForegroundWindow () returned 0x10080 [0301.791] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0301.791] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0301.792] CoTaskMemFree (pv=0x1c089be0) [0301.906] GetForegroundWindow () returned 0x100d4 [0301.906] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0301.906] EnumProcesses (in: lpidProcess=0x27fbea0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fbea0, lpcbNeeded=0x1be8f460) returned 1 [0301.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a1d980, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0301.909] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0301.909] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0301.909] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.909] CoTaskMemFree (pv=0x1c08a630) [0301.911] GetForegroundWindow () returned 0x10080 [0301.911] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0301.911] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0301.911] CoTaskMemFree (pv=0x1c0895b0) [0302.031] GetForegroundWindow () returned 0x10080 [0302.031] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0302.031] EnumProcesses (in: lpidProcess=0x2818c28, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2818c28, lpcbNeeded=0x1be8f460) returned 1 [0302.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0302.034] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0302.034] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0302.034] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0302.035] CoTaskMemFree (pv=0x1c089df0) [0302.036] GetForegroundWindow () returned 0x10080 [0302.036] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0302.036] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0302.036] CoTaskMemFree (pv=0x1c0899d0) [0302.172] WSASend (in: s=0x410, lpBuffers=0x1be8f2e0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1be8f2d8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1be8f2d8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0302.175] GetForegroundWindow () returned 0x10080 [0302.175] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0302.175] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0302.175] CoTaskMemFree (pv=0x1c088f80) [0302.176] GetForegroundWindow () returned 0x100d4 [0302.176] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0302.176] EnumProcesses (in: lpidProcess=0x2835e50, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2835e50, lpcbNeeded=0x1be8f450) returned 1 [0302.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0302.179] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0302.179] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0302.179] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.180] CoTaskMemFree (pv=0x1c0899d0) [0302.297] GetForegroundWindow () returned 0x10080 [0302.297] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0302.297] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0302.297] CoTaskMemFree (pv=0x1c08a630) [0302.298] GetForegroundWindow () returned 0x10080 [0302.298] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0302.298] EnumProcesses (in: lpidProcess=0x2852bd8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2852bd8, lpcbNeeded=0x1be8f450) returned 1 [0302.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a7da10, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0302.302] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0302.302] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0302.302] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0302.302] CoTaskMemFree (pv=0x1c089df0) [0302.421] GetForegroundWindow () returned 0x10080 [0302.422] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0302.422] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0302.422] CoTaskMemFree (pv=0x1c0897c0) [0302.423] GetForegroundWindow () returned 0x10080 [0302.423] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0302.423] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0302.423] CoTaskMemFree (pv=0x1c0895b0) [0302.547] GetForegroundWindow () returned 0x100d4 [0302.547] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0302.547] EnumProcesses (in: lpidProcess=0x2870168, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2870168, lpcbNeeded=0x1be8f460) returned 1 [0302.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0302.563] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0302.563] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0302.563] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.563] CoTaskMemFree (pv=0x1c0897c0) [0302.564] GetForegroundWindow () returned 0x10080 [0302.565] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0302.565] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0302.565] CoTaskMemFree (pv=0x1c08a210) [0302.687] GetForegroundWindow () returned 0x10080 [0302.687] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0302.687] EnumProcesses (in: lpidProcess=0x27c1768, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27c1768, lpcbNeeded=0x1be8f460) returned 1 [0302.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12700a18, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0302.688] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0302.689] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0302.689] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0302.689] CoTaskMemFree (pv=0x1c08aa50) [0302.690] GetForegroundWindow () returned 0x10080 [0302.690] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0302.690] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0302.690] CoTaskMemFree (pv=0x1c08aa50) [0302.812] GetForegroundWindow () returned 0x10080 [0302.813] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0302.813] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0302.813] CoTaskMemFree (pv=0x1c089be0) [0302.814] GetForegroundWindow () returned 0x100d4 [0302.814] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0302.814] EnumProcesses (in: lpidProcess=0x27def18, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27def18, lpcbNeeded=0x1be8f450) returned 1 [0302.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12720a48, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0302.816] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0302.816] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0302.816] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.816] CoTaskMemFree (pv=0x1c08ac60) [0302.937] GetForegroundWindow () returned 0x10080 [0302.938] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0302.938] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0302.938] CoTaskMemFree (pv=0x1c08aa50) [0302.939] GetForegroundWindow () returned 0x10080 [0302.939] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0302.939] EnumProcesses (in: lpidProcess=0x27fbca0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27fbca0, lpcbNeeded=0x1be8f450) returned 1 [0302.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0302.941] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0302.941] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0302.941] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0302.941] CoTaskMemFree (pv=0x1c089df0) [0303.062] GetForegroundWindow () returned 0x10080 [0303.063] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.063] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0303.063] CoTaskMemFree (pv=0x1c0895b0) [0303.064] GetForegroundWindow () returned 0x10080 [0303.064] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0303.064] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0303.064] CoTaskMemFree (pv=0x1c0897c0) [0303.188] GetForegroundWindow () returned 0x100d4 [0303.189] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0303.189] EnumProcesses (in: lpidProcess=0x2819290, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2819290, lpcbNeeded=0x1be8f460) returned 1 [0303.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12760aa8, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0303.191] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0303.191] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0303.191] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.191] CoTaskMemFree (pv=0x1c0893a0) [0303.192] GetForegroundWindow () returned 0x10080 [0303.192] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0303.192] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0303.192] CoTaskMemFree (pv=0x1c08a630) [0303.312] GetForegroundWindow () returned 0x10080 [0303.312] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0303.312] EnumProcesses (in: lpidProcess=0x2836018, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2836018, lpcbNeeded=0x1be8f460) returned 1 [0303.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0303.314] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0303.314] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0303.314] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0303.314] CoTaskMemFree (pv=0x1c08a000) [0303.315] GetForegroundWindow () returned 0x10080 [0303.315] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0303.315] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0303.315] CoTaskMemFree (pv=0x1c0899d0) [0303.437] GetForegroundWindow () returned 0x10080 [0303.438] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.438] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0303.438] CoTaskMemFree (pv=0x1c0895b0) [0303.439] GetForegroundWindow () returned 0x100d4 [0303.439] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0303.439] EnumProcesses (in: lpidProcess=0x2853030, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2853030, lpcbNeeded=0x1be8f450) returned 1 [0303.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0303.441] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0303.441] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0303.441] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.441] CoTaskMemFree (pv=0x1c08a420) [0303.562] GetForegroundWindow () returned 0x10080 [0303.563] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0303.563] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0303.563] CoTaskMemFree (pv=0x1c08ac60) [0303.564] GetForegroundWindow () returned 0x10080 [0303.564] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0303.564] EnumProcesses (in: lpidProcess=0x286fdb8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x286fdb8, lpcbNeeded=0x1be8f450) returned 1 [0303.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127c0b38, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0303.566] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0303.566] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0303.566] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0303.566] CoTaskMemFree (pv=0x1c0899d0) [0303.687] GetForegroundWindow () returned 0x10080 [0303.688] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0303.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0303.688] CoTaskMemFree (pv=0x1c088f80) [0303.689] GetForegroundWindow () returned 0x10080 [0303.689] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.689] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0303.689] CoTaskMemFree (pv=0x1c0895b0) [0303.816] GetForegroundWindow () returned 0x100d4 [0303.817] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0303.817] EnumProcesses (in: lpidProcess=0x288d330, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x288d330, lpcbNeeded=0x1be8f460) returned 1 [0303.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0303.818] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0303.819] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0303.819] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.819] CoTaskMemFree (pv=0x1c08a000) [0303.820] GetForegroundWindow () returned 0x10080 [0303.820] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0303.820] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0303.820] CoTaskMemFree (pv=0x1c0897c0) [0303.952] GetForegroundWindow () returned 0x10080 [0303.953] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0303.953] EnumProcesses (in: lpidProcess=0x28aa0b8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28aa0b8, lpcbNeeded=0x1be8f460) returned 1 [0303.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12800fb8, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0303.954] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0303.954] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0303.954] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0303.954] CoTaskMemFree (pv=0x1c089190) [0303.955] GetForegroundWindow () returned 0x10080 [0303.955] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0303.955] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0303.955] CoTaskMemFree (pv=0x1c08ac60) [0304.078] GetForegroundWindow () returned 0x10080 [0304.078] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0304.078] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0304.078] CoTaskMemFree (pv=0x1c089190) [0304.079] GetForegroundWindow () returned 0x100d4 [0304.079] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0304.080] EnumProcesses (in: lpidProcess=0x28c70d0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28c70d0, lpcbNeeded=0x1be8f450) returned 1 [0304.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12820fe8, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0304.081] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0304.081] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0304.081] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0304.082] CoTaskMemFree (pv=0x1c089190) [0304.141] GetForegroundWindow () returned 0x10080 [0304.141] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0304.141] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0304.141] CoTaskMemFree (pv=0x1c08ac60) [0304.142] GetForegroundWindow () returned 0x10080 [0304.142] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0304.143] EnumProcesses (in: lpidProcess=0x28e3930, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28e3930, lpcbNeeded=0x1be8f450) returned 1 [0304.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12841018, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0304.144] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0304.144] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0304.144] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0304.145] CoTaskMemFree (pv=0x1c0897c0) [0304.281] GetForegroundWindow () returned 0x10080 [0304.281] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0304.281] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0304.281] CoTaskMemFree (pv=0x1c089be0) [0304.282] GetForegroundWindow () returned 0x10080 [0304.282] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0304.283] EnumProcesses (in: lpidProcess=0x291c9c8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x291c9c8, lpcbNeeded=0x1be8f450) returned 1 [0304.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12881078, ResultLength=0x1be8f3f0*=0xebc8) returned 0x0 [0304.284] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0304.284] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0304.284] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0304.284] CoTaskMemFree (pv=0x1c08a840) [0304.406] GetForegroundWindow () returned 0x100d4 [0304.406] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0304.406] EnumProcesses (in: lpidProcess=0x2939480, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2939480, lpcbNeeded=0x1be8f460) returned 1 [0304.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f400*=0xebc8) returned 0x0 [0304.408] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0304.408] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0304.408] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0304.408] CoTaskMemFree (pv=0x1c0899d0) [0304.410] GetForegroundWindow () returned 0x10080 [0304.410] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0304.410] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0304.410] CoTaskMemFree (pv=0x1c0899d0) [0304.531] GetForegroundWindow () returned 0x10080 [0304.531] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0304.531] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0304.532] CoTaskMemFree (pv=0x1c089190) [0304.533] GetForegroundWindow () returned 0x10080 [0304.533] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0304.533] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0304.533] CoTaskMemFree (pv=0x1c08a000) [0305.647] GetForegroundWindow () returned 0x10080 [0305.647] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0305.648] EnumProcesses (in: lpidProcess=0x298f598, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x298f598, lpcbNeeded=0x1be8f460) returned 1 [0305.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129bd8f0, ResultLength=0x1be8f400*=0xeb28) returned 0x0 [0305.667] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0305.667] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0305.667] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0305.667] CoTaskMemFree (pv=0x1c08a000) [0305.668] GetForegroundWindow () returned 0x100d4 [0305.669] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0305.669] EnumProcesses (in: lpidProcess=0x27c1e00, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x27c1e00, lpcbNeeded=0x1be8f450) returned 1 [0305.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x129dd920, ResultLength=0x1be8f3f0*=0xeb28) returned 0x0 [0305.673] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0305.673] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0305.673] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0305.673] CoTaskMemFree (pv=0x1c08aa50) [0305.808] GetForegroundWindow () returned 0x10080 [0305.808] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0305.808] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0305.808] CoTaskMemFree (pv=0x1c0893a0) [0305.809] GetForegroundWindow () returned 0x10080 [0305.809] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0305.809] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0305.810] CoTaskMemFree (pv=0x1c089df0) [0306.080] GetForegroundWindow () returned 0x10080 [0306.080] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0306.080] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0306.080] CoTaskMemFree (pv=0x1c08aa50) [0306.081] GetForegroundWindow () returned 0x10080 [0306.081] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0306.082] EnumProcesses (in: lpidProcess=0x2818368, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2818368, lpcbNeeded=0x1be8f450) returned 1 [0306.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f3f0*=0xee60) returned 0x0 [0306.085] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0306.085] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0306.085] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0306.085] CoTaskMemFree (pv=0x1c089df0) [0306.156] GetForegroundWindow () returned 0x100d4 [0306.156] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0306.156] EnumProcesses (in: lpidProcess=0x2834c98, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2834c98, lpcbNeeded=0x1be8f460) returned 1 [0306.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f400*=0xee60) returned 0x0 [0306.160] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0306.160] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0306.160] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0306.160] CoTaskMemFree (pv=0x1c0897c0) [0306.162] GetForegroundWindow () returned 0x10080 [0306.163] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0306.163] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0306.163] CoTaskMemFree (pv=0x1c08a000) [0306.392] GetForegroundWindow () returned 0x10080 [0306.392] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0306.392] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0306.392] CoTaskMemFree (pv=0x1c08a210) [0306.394] GetForegroundWindow () returned 0x10080 [0306.394] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0306.394] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0306.394] CoTaskMemFree (pv=0x1c089be0) [0306.588] GetForegroundWindow () returned 0x10080 [0306.588] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0306.588] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0306.589] CoTaskMemFree (pv=0x1c08a000) [0306.590] GetForegroundWindow () returned 0x100d4 [0306.590] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0306.590] EnumProcesses (in: lpidProcess=0x286f940, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x286f940, lpcbNeeded=0x1be8f450) returned 1 [0306.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xf090) returned 0x0 [0306.604] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0306.604] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0306.604] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0306.604] CoTaskMemFree (pv=0x1c089190) [0306.785] GetForegroundWindow () returned 0x10080 [0306.785] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0306.785] EnumProcesses (in: lpidProcess=0x27fc798, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27fc798, lpcbNeeded=0x1be8f460) returned 1 [0306.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xf130) returned 0x0 [0306.786] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0306.787] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0306.787] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0306.787] CoTaskMemFree (pv=0x1c08a420) [0306.788] GetForegroundWindow () returned 0x10080 [0306.788] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0306.788] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0306.788] CoTaskMemFree (pv=0x1c088f80) [0307.034] GetForegroundWindow () returned 0x10080 [0307.034] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0307.034] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0307.035] CoTaskMemFree (pv=0x1c08a630) [0307.036] GetForegroundWindow () returned 0x10080 [0307.036] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0307.036] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0307.036] CoTaskMemFree (pv=0x1c089df0) [0307.195] GetForegroundWindow () returned 0x100d4 [0307.195] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0307.195] EnumProcesses (in: lpidProcess=0x2838270, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2838270, lpcbNeeded=0x1be8f460) returned 1 [0307.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xf130) returned 0x0 [0307.197] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.197] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0307.197] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.197] CoTaskMemFree (pv=0x1c089190) [0307.198] GetForegroundWindow () returned 0x10080 [0307.199] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0307.199] EnumProcesses (in: lpidProcess=0x2855498, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2855498, lpcbNeeded=0x1be8f450) returned 1 [0307.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xf130) returned 0x0 [0307.200] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.200] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0307.200] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0307.201] CoTaskMemFree (pv=0x1c0897c0) [0307.352] GetForegroundWindow () returned 0x10080 [0307.352] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0307.352] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0307.352] CoTaskMemFree (pv=0x1c08a840) [0307.353] GetForegroundWindow () returned 0x10080 [0307.353] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0307.353] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0307.354] CoTaskMemFree (pv=0x1c08ac60) [0307.496] GetForegroundWindow () returned 0x10080 [0307.496] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0307.496] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0307.496] CoTaskMemFree (pv=0x1c08a840) [0307.497] GetForegroundWindow () returned 0x100d4 [0307.497] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0307.498] EnumProcesses (in: lpidProcess=0x2890ab0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2890ab0, lpcbNeeded=0x1be8f450) returned 1 [0307.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xf418) returned 0x0 [0307.499] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.499] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0307.499] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.500] CoTaskMemFree (pv=0x1c08a420) [0307.651] GetForegroundWindow () returned 0x10080 [0307.651] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0307.651] EnumProcesses (in: lpidProcess=0x28e8d60, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28e8d60, lpcbNeeded=0x1be8f460) returned 1 [0307.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xf418) returned 0x0 [0307.653] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.653] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0307.653] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0307.653] CoTaskMemFree (pv=0x1c0895b0) [0307.654] GetForegroundWindow () returned 0x10080 [0307.654] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0307.654] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0307.655] CoTaskMemFree (pv=0x1c08a210) [0307.788] GetForegroundWindow () returned 0x10080 [0307.788] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0307.788] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0307.789] CoTaskMemFree (pv=0x1c08aa50) [0307.790] GetForegroundWindow () returned 0x10080 [0307.790] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0307.790] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0307.790] CoTaskMemFree (pv=0x1c0893a0) [0307.914] GetForegroundWindow () returned 0x100d4 [0307.915] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0307.915] EnumProcesses (in: lpidProcess=0x2924c90, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2924c90, lpcbNeeded=0x1be8f460) returned 1 [0307.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xf558) returned 0x0 [0307.916] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.917] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0307.917] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.917] CoTaskMemFree (pv=0x1c08a000) [0307.918] GetForegroundWindow () returned 0x10080 [0307.918] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0307.918] EnumProcesses (in: lpidProcess=0x2942570, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2942570, lpcbNeeded=0x1be8f450) returned 1 [0307.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xf558) returned 0x0 [0307.919] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.920] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0307.920] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0307.920] CoTaskMemFree (pv=0x1c0893a0) [0308.148] GetForegroundWindow () returned 0x10080 [0308.148] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0308.148] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0308.149] CoTaskMemFree (pv=0x1c08a420) [0308.150] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x25819)) returned 1 [0308.151] GetForegroundWindow () returned 0x10080 [0308.151] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0308.151] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0308.151] CoTaskMemFree (pv=0x1c089df0) [0308.290] GetForegroundWindow () returned 0x10080 [0308.290] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0308.290] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0308.291] CoTaskMemFree (pv=0x1c0895b0) [0308.291] GetForegroundWindow () returned 0x100d4 [0308.292] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0308.292] EnumProcesses (in: lpidProcess=0x297ea00, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x297ea00, lpcbNeeded=0x1be8f450) returned 1 [0308.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x1299d8c0, ResultLength=0x1be8f3f0*=0xf840) returned 0x0 [0308.293] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0308.293] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0308.293] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0308.294] CoTaskMemFree (pv=0x1c08a000) [0308.605] GetForegroundWindow () returned 0x10080 [0308.606] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0308.606] EnumProcesses (in: lpidProcess=0x27ea2d8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ea2d8, lpcbNeeded=0x1be8f460) returned 1 [0308.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x129fd950, ResultLength=0x1be8f400*=0xf8e0) returned 0x0 [0308.609] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0308.609] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0308.609] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0308.609] CoTaskMemFree (pv=0x1c08aa50) [0308.611] GetForegroundWindow () returned 0x10080 [0308.611] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0308.611] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0308.611] CoTaskMemFree (pv=0x1c089df0) [0308.726] GetForegroundWindow () returned 0x10080 [0308.726] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0308.726] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0308.726] CoTaskMemFree (pv=0x1c089df0) [0308.727] GetForegroundWindow () returned 0x10080 [0308.727] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0308.727] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0308.728] CoTaskMemFree (pv=0x1c08a210) [0308.861] GetForegroundWindow () returned 0x100d4 [0308.861] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0308.861] EnumProcesses (in: lpidProcess=0x28271f8, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28271f8, lpcbNeeded=0x1be8f460) returned 1 [0308.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1be8f400*=0xfa70) returned 0x0 [0308.865] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0308.865] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0308.865] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0308.865] CoTaskMemFree (pv=0x1c089190) [0308.935] GetForegroundWindow () returned 0x10080 [0308.935] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0308.936] EnumProcesses (in: lpidProcess=0x28453a8, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x28453a8, lpcbNeeded=0x1be8f450) returned 1 [0308.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1be8f3f0*=0xfa70) returned 0x0 [0308.939] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0308.939] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0308.939] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0308.939] CoTaskMemFree (pv=0x1c08a630) [0309.150] GetForegroundWindow () returned 0x10080 [0309.150] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0309.150] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0309.150] CoTaskMemFree (pv=0x1c088f80) [0309.151] GetForegroundWindow () returned 0x10080 [0309.152] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0309.152] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0309.152] CoTaskMemFree (pv=0x1c0893a0) [0309.285] GetForegroundWindow () returned 0x10080 [0309.286] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0309.286] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0309.286] CoTaskMemFree (pv=0x1c08aa50) [0309.287] GetForegroundWindow () returned 0x100d4 [0309.287] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0309.287] EnumProcesses (in: lpidProcess=0x2882798, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2882798, lpcbNeeded=0x1be8f450) returned 1 [0309.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x126b6e90, ResultLength=0x1be8f3f0*=0xfb10) returned 0x0 [0309.304] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.304] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0309.304] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.304] CoTaskMemFree (pv=0x1c0899d0) [0309.414] GetForegroundWindow () returned 0x10080 [0309.414] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0309.414] EnumProcesses (in: lpidProcess=0x27ffa60, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x27ffa60, lpcbNeeded=0x1be8f460) returned 1 [0309.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12740a78, ResultLength=0x1be8f400*=0xfb60) returned 0x0 [0309.415] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.416] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0309.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0309.416] CoTaskMemFree (pv=0x1c089df0) [0309.417] GetForegroundWindow () returned 0x10080 [0309.417] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0309.417] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0309.417] CoTaskMemFree (pv=0x1c08ac60) [0309.540] GetForegroundWindow () returned 0x10080 [0309.540] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0309.540] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0309.540] CoTaskMemFree (pv=0x1c088f80) [0309.541] GetForegroundWindow () returned 0x10080 [0309.541] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0309.541] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0309.541] CoTaskMemFree (pv=0x1c08ac60) [0309.663] GetForegroundWindow () returned 0x100d4 [0309.663] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0309.664] EnumProcesses (in: lpidProcess=0x283d1c0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x283d1c0, lpcbNeeded=0x1be8f460) returned 1 [0309.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12780ad8, ResultLength=0x1be8f400*=0xfbb0) returned 0x0 [0309.666] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.666] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0309.666] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.666] CoTaskMemFree (pv=0x1c08a420) [0309.668] GetForegroundWindow () returned 0x10080 [0309.668] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0309.668] EnumProcesses (in: lpidProcess=0x285b5b0, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x285b5b0, lpcbNeeded=0x1be8f450) returned 1 [0309.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127a0b08, ResultLength=0x1be8f3f0*=0xfbb0) returned 0x0 [0309.670] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.670] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0309.670] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0309.670] CoTaskMemFree (pv=0x1c089be0) [0309.789] GetForegroundWindow () returned 0x10080 [0309.789] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0309.789] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0309.789] CoTaskMemFree (pv=0x1c0899d0) [0309.790] GetForegroundWindow () returned 0x10080 [0309.791] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0309.791] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0309.791] CoTaskMemFree (pv=0x1c08aa50) [0309.915] GetForegroundWindow () returned 0x10080 [0309.915] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0309.915] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0309.916] CoTaskMemFree (pv=0x1c08aa50) [0309.917] GetForegroundWindow () returned 0x100d4 [0309.917] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x650 [0309.917] EnumProcesses (in: lpidProcess=0x2898d90, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x2898d90, lpcbNeeded=0x1be8f450) returned 1 [0309.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x127e0b68, ResultLength=0x1be8f3f0*=0xfbb0) returned 0x0 [0309.919] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.919] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0309.919] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.919] CoTaskMemFree (pv=0x1c08aa50) [0310.039] GetForegroundWindow () returned 0x10080 [0310.039] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0310.039] EnumProcesses (in: lpidProcess=0x28f3950, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x28f3950, lpcbNeeded=0x1be8f460) returned 1 [0310.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12841018, ResultLength=0x1be8f400*=0xfbb0) returned 0x0 [0310.041] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0310.041] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0310.041] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0310.041] CoTaskMemFree (pv=0x1c0899d0) [0310.042] GetForegroundWindow () returned 0x10080 [0310.042] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0310.042] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0310.042] CoTaskMemFree (pv=0x1c0893a0) [0310.164] GetForegroundWindow () returned 0x10080 [0310.164] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0310.164] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0310.164] CoTaskMemFree (pv=0x1c08aa50) [0310.165] GetLastInputInfo (in: plii=0x1be8f580 | out: plii=0x1be8f580*(cbSize=0x8, dwTime=0x25819)) returned 1 [0310.166] GetForegroundWindow () returned 0x10080 [0310.166] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0310.166] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0310.167] CoTaskMemFree (pv=0x1c088f80) [0310.304] GetForegroundWindow () returned 0x100d4 [0310.304] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x650 [0310.305] EnumProcesses (in: lpidProcess=0x2931188, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x2931188, lpcbNeeded=0x1be8f460) returned 1 [0310.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x12881078, ResultLength=0x1be8f400*=0xfbb0) returned 0x0 [0310.306] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0310.306] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0310.306] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0310.307] CoTaskMemFree (pv=0x1c0893a0) [0310.308] GetForegroundWindow () returned 0x10080 [0310.308] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f530 | out: lpdwProcessId=0x1be8f530) returned 0x67c [0310.308] EnumProcesses (in: lpidProcess=0x294f578, cb=0x400, lpcbNeeded=0x1be8f450 | out: lpidProcess=0x294f578, lpcbNeeded=0x1be8f450) returned 1 [0310.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1be8f3f0 | out: SystemInformation=0x128a10a8, ResultLength=0x1be8f3f0*=0xfbb0) returned 0x0 [0310.309] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0310.310] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0310.310] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0310.310] CoTaskMemFree (pv=0x1c0895b0) [0310.398] GetForegroundWindow () returned 0x10080 [0310.398] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1be8f540 | out: lpdwProcessId=0x1be8f540) returned 0x67c [0310.398] EnumProcesses (in: lpidProcess=0x296d9d0, cb=0x400, lpcbNeeded=0x1be8f460 | out: lpidProcess=0x296d9d0, lpcbNeeded=0x1be8f460) returned 1 [0310.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1be8f400 | out: SystemInformation=0x128c10d8, ResultLength=0x1be8f400*=0xfbb0) returned 0x0 [0310.400] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0310.400] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0310.400] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0310.400] CoTaskMemFree (pv=0x1c0895b0) [0310.402] GetForegroundWindow () returned 0x10080 [0310.402] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0310.402] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0310.402] CoTaskMemFree (pv=0x1c089df0) Thread: id = 19 os_tid = 0x5cc [0227.555] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0227.561] GetForegroundWindow () returned 0x10080 [0227.561] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.561] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.561] CoTaskMemFree (pv=0x5d3a00) [0227.561] GetForegroundWindow () returned 0x10080 [0227.561] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.561] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.562] CoTaskMemFree (pv=0x5d3a00) [0227.562] GetForegroundWindow () returned 0x10080 [0227.562] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.562] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.562] CoTaskMemFree (pv=0x5d3a00) [0227.562] GetForegroundWindow () returned 0x10080 [0227.562] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.562] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.562] CoTaskMemFree (pv=0x5d3a00) [0227.563] GetForegroundWindow () returned 0x100d4 [0227.563] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0227.563] EnumProcesses (in: lpidProcess=0x28062a8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28062a8, lpcbNeeded=0x1c36f3e0) returned 1 [0227.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a60, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a60, ResultLength=0x1c36f380*=0xfb98) returned 0x0 [0227.578] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0227.578] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.578] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0227.579] CoTaskMemFree (pv=0x5d3a00) [0227.579] GetForegroundWindow () returned 0x10080 [0227.579] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0227.579] EnumProcesses (in: lpidProcess=0x2824618, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2824618, lpcbNeeded=0x1c36f3e0) returned 1 [0227.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a90, ResultLength=0x1c36f380*=0xfb98) returned 0x0 [0227.594] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0227.594] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.594] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.594] CoTaskMemFree (pv=0x5d3a00) [0227.595] GetForegroundWindow () returned 0x10080 [0227.595] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.595] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.595] CoTaskMemFree (pv=0x5d3a00) [0227.655] GetForegroundWindow () returned 0x10080 [0227.656] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0227.656] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0227.656] CoTaskMemFree (pv=0x5d3a00) [0227.862] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x11c9b)) returned 1 [0228.150] GetForegroundWindow () returned 0x10080 [0228.152] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.152] EnumProcesses (in: lpidProcess=0x2849f88, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2849f88, lpcbNeeded=0x1c36f3d0) returned 1 [0228.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760ac0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760ac0, ResultLength=0x1c36f370*=0xfb98) returned 0x0 [0228.227] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.229] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.229] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.229] CoTaskMemFree (pv=0x5d3a00) [0228.230] GetForegroundWindow () returned 0x100d4 [0228.230] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.230] EnumProcesses (in: lpidProcess=0x28682e8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28682e8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780af0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780af0, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.242] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.242] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.242] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.242] CoTaskMemFree (pv=0x5d3a00) [0228.242] GetForegroundWindow () returned 0x10080 [0228.242] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.243] EnumProcesses (in: lpidProcess=0x28865c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28865c8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b20, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127a0b20, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.255] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.255] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.255] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.256] CoTaskMemFree (pv=0x5d3a00) [0228.256] GetForegroundWindow () returned 0x10080 [0228.256] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.256] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.256] CoTaskMemFree (pv=0x5d3a00) [0228.256] GetForegroundWindow () returned 0x10080 [0228.257] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.257] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.257] CoTaskMemFree (pv=0x5d3a00) [0228.257] GetForegroundWindow () returned 0x10080 [0228.258] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.258] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.258] CoTaskMemFree (pv=0x5d3a00) [0228.258] GetForegroundWindow () returned 0x100d4 [0228.258] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.258] EnumProcesses (in: lpidProcess=0x28a50a8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28a50a8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b50, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b50, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.271] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.271] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.271] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.271] CoTaskMemFree (pv=0x5d3a00) [0228.271] GetForegroundWindow () returned 0x10080 [0228.271] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.271] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.272] CoTaskMemFree (pv=0x5d3a00) [0228.272] GetForegroundWindow () returned 0x10080 [0228.272] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.272] EnumProcesses (in: lpidProcess=0x28c3638, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28c3638, lpcbNeeded=0x1c36f3e0) returned 1 [0228.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b80, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b80, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.329] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.329] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.329] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.329] CoTaskMemFree (pv=0x5d3a00) [0228.330] GetForegroundWindow () returned 0x10080 [0228.330] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.330] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.330] CoTaskMemFree (pv=0x5d3a00) [0228.330] GetForegroundWindow () returned 0x10080 [0228.330] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.330] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.330] CoTaskMemFree (pv=0x5d3a00) [0228.330] GetForegroundWindow () returned 0x100d4 [0228.330] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.330] EnumProcesses (in: lpidProcess=0x28e1e88, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28e1e88, lpcbNeeded=0x1c36f3d0) returned 1 [0228.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800bb0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800bb0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.340] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.341] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.341] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.341] CoTaskMemFree (pv=0x5d3a00) [0228.341] GetForegroundWindow () returned 0x10080 [0228.341] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.341] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.341] CoTaskMemFree (pv=0x5d3a00) [0228.341] GetForegroundWindow () returned 0x10080 [0228.341] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.342] EnumProcesses (in: lpidProcess=0x2900418, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2900418, lpcbNeeded=0x1c36f3d0) returned 1 [0228.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820be0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820be0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.351] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.351] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.351] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.351] CoTaskMemFree (pv=0x5d3a00) [0228.352] GetForegroundWindow () returned 0x10080 [0228.352] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.352] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.352] CoTaskMemFree (pv=0x5d3a00) [0228.352] GetForegroundWindow () returned 0x10080 [0228.352] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.352] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.352] CoTaskMemFree (pv=0x5d3a00) [0228.353] GetForegroundWindow () returned 0x100d4 [0228.353] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.353] EnumProcesses (in: lpidProcess=0x291eca8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x291eca8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12840c10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12840c10, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.403] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.403] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.404] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.404] CoTaskMemFree (pv=0x5d3a00) [0228.404] GetForegroundWindow () returned 0x10080 [0228.404] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.404] CoTaskMemFree (pv=0x5d3a00) [0228.405] GetForegroundWindow () returned 0x10080 [0228.405] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.405] EnumProcesses (in: lpidProcess=0x27ad9f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ad9f0, lpcbNeeded=0x1c36f3e0) returned 1 [0228.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12860c40, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12860c40, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.416] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.416] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.416] CoTaskMemFree (pv=0x5d3a00) [0228.416] GetForegroundWindow () returned 0x10080 [0228.417] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.417] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.417] CoTaskMemFree (pv=0x5d3a00) [0228.417] GetForegroundWindow () returned 0x10080 [0228.417] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.417] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.417] CoTaskMemFree (pv=0x5d3a00) [0228.417] GetForegroundWindow () returned 0x100d4 [0228.418] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.418] EnumProcesses (in: lpidProcess=0x27cc220, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27cc220, lpcbNeeded=0x1c36f3d0) returned 1 [0228.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12880c70, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12880c70, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.426] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.426] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.426] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.426] CoTaskMemFree (pv=0x5d3a00) [0228.427] GetForegroundWindow () returned 0x10080 [0228.427] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.427] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.427] CoTaskMemFree (pv=0x5d3a00) [0228.427] GetForegroundWindow () returned 0x10080 [0228.427] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.427] EnumProcesses (in: lpidProcess=0x27eb030, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27eb030, lpcbNeeded=0x1c36f3d0) returned 1 [0228.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a0ca0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a0ca0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.439] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.439] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.439] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.439] CoTaskMemFree (pv=0x5d3a00) [0228.439] GetForegroundWindow () returned 0x10080 [0228.439] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.439] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.440] CoTaskMemFree (pv=0x5d3a00) [0228.440] GetForegroundWindow () returned 0x10080 [0228.440] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.440] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.440] CoTaskMemFree (pv=0x5d3a00) [0228.440] GetForegroundWindow () returned 0x100d4 [0228.440] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.440] EnumProcesses (in: lpidProcess=0x2809860, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2809860, lpcbNeeded=0x1c36f3e0) returned 1 [0228.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c0cd0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c0cd0, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.447] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.447] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.447] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.447] CoTaskMemFree (pv=0x5d3a00) [0228.447] GetForegroundWindow () returned 0x10080 [0228.447] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.447] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.447] CoTaskMemFree (pv=0x5d3a00) [0228.448] GetForegroundWindow () returned 0x10080 [0228.448] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.448] EnumProcesses (in: lpidProcess=0x2827df0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2827df0, lpcbNeeded=0x1c36f3e0) returned 1 [0228.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.455] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.455] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.455] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.455] CoTaskMemFree (pv=0x5d3a00) [0228.455] GetForegroundWindow () returned 0x10080 [0228.455] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.455] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.455] CoTaskMemFree (pv=0x5d3a00) [0228.455] GetForegroundWindow () returned 0x10080 [0228.455] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.456] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.456] CoTaskMemFree (pv=0x5d3a00) [0228.456] GetForegroundWindow () returned 0x100d4 [0228.456] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.456] EnumProcesses (in: lpidProcess=0x2846620, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2846620, lpcbNeeded=0x1c36f3d0) returned 1 [0228.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.466] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.466] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.466] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.466] CoTaskMemFree (pv=0x5d3a00) [0228.466] GetForegroundWindow () returned 0x10080 [0228.466] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.466] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.466] CoTaskMemFree (pv=0x5d3a00) [0228.466] GetForegroundWindow () returned 0x10080 [0228.467] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.467] EnumProcesses (in: lpidProcess=0x2864bb0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2864bb0, lpcbNeeded=0x1c36f3d0) returned 1 [0228.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.518] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.518] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.518] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.518] CoTaskMemFree (pv=0x5d3a00) [0228.518] GetForegroundWindow () returned 0x10080 [0228.519] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.519] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.519] CoTaskMemFree (pv=0x5d3a00) [0228.519] GetForegroundWindow () returned 0x10080 [0228.519] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.519] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.519] CoTaskMemFree (pv=0x5d3a00) [0228.519] GetForegroundWindow () returned 0x100d4 [0228.519] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.519] EnumProcesses (in: lpidProcess=0x2883800, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2883800, lpcbNeeded=0x1c36f3e0) returned 1 [0228.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.528] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.529] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.529] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.529] CoTaskMemFree (pv=0x5d3a00) [0228.529] GetForegroundWindow () returned 0x10080 [0228.529] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.529] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.529] CoTaskMemFree (pv=0x5d3a00) [0228.529] GetForegroundWindow () returned 0x10080 [0228.530] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.530] EnumProcesses (in: lpidProcess=0x28a1d90, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28a1d90, lpcbNeeded=0x1c36f3e0) returned 1 [0228.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.539] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.539] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.539] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.540] CoTaskMemFree (pv=0x5d3a00) [0228.540] GetForegroundWindow () returned 0x10080 [0228.540] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.540] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.540] CoTaskMemFree (pv=0x5d3a00) [0228.540] GetForegroundWindow () returned 0x10080 [0228.540] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.540] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.541] CoTaskMemFree (pv=0x5d3a00) [0228.541] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x11c9b)) returned 1 [0228.541] GetForegroundWindow () returned 0x100d4 [0228.541] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.541] EnumProcesses (in: lpidProcess=0x28c0668, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28c0668, lpcbNeeded=0x1c36f3d0) returned 1 [0228.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.550] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.550] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.550] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.550] CoTaskMemFree (pv=0x5d3a00) [0228.550] GetForegroundWindow () returned 0x10080 [0228.550] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.550] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.550] CoTaskMemFree (pv=0x5d3a00) [0228.551] GetForegroundWindow () returned 0x10080 [0228.551] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.551] EnumProcesses (in: lpidProcess=0x28debf8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28debf8, lpcbNeeded=0x1c36f3d0) returned 1 [0228.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.607] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.607] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.607] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.608] CoTaskMemFree (pv=0x5d3a00) [0228.608] GetForegroundWindow () returned 0x10080 [0228.608] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.608] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.608] CoTaskMemFree (pv=0x5d3a00) [0228.608] GetForegroundWindow () returned 0x10080 [0228.608] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.608] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.608] CoTaskMemFree (pv=0x5d3a00) [0228.609] GetForegroundWindow () returned 0x100d4 [0228.609] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.609] EnumProcesses (in: lpidProcess=0x28fd9e0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28fd9e0, lpcbNeeded=0x1c36f3e0) returned 1 [0228.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.653] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.653] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.653] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.653] CoTaskMemFree (pv=0x5d3a00) [0228.654] GetForegroundWindow () returned 0x10080 [0228.654] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.654] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.654] CoTaskMemFree (pv=0x5d3a00) [0228.654] GetForegroundWindow () returned 0x10080 [0228.654] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.654] EnumProcesses (in: lpidProcess=0x27b5548, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27b5548, lpcbNeeded=0x1c36f3e0) returned 1 [0228.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.660] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.660] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.661] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.661] CoTaskMemFree (pv=0x5d3a00) [0228.661] GetForegroundWindow () returned 0x10080 [0228.661] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.661] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.661] CoTaskMemFree (pv=0x5d3a00) [0228.661] GetForegroundWindow () returned 0x10080 [0228.661] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.661] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.661] CoTaskMemFree (pv=0x5d3a00) [0228.662] GetForegroundWindow () returned 0x100d4 [0228.662] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.662] EnumProcesses (in: lpidProcess=0x27d4518, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27d4518, lpcbNeeded=0x1c36f3d0) returned 1 [0228.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.712] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.712] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.713] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.713] CoTaskMemFree (pv=0x5d3a00) [0228.713] GetForegroundWindow () returned 0x10080 [0228.713] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.713] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.713] CoTaskMemFree (pv=0x5d3a00) [0228.713] GetForegroundWindow () returned 0x10080 [0228.713] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.713] EnumProcesses (in: lpidProcess=0x27f2ba8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27f2ba8, lpcbNeeded=0x1c36f3d0) returned 1 [0228.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.720] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.720] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.720] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.721] CoTaskMemFree (pv=0x5d3a00) [0228.721] GetForegroundWindow () returned 0x10080 [0228.721] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.721] CoTaskMemFree (pv=0x5d3a00) [0228.721] GetForegroundWindow () returned 0x10080 [0228.721] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.721] CoTaskMemFree (pv=0x5d3a00) [0228.722] GetForegroundWindow () returned 0x100d4 [0228.722] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.722] EnumProcesses (in: lpidProcess=0x28113d8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28113d8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.728] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.728] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.728] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.728] CoTaskMemFree (pv=0x5d3a00) [0228.729] GetForegroundWindow () returned 0x10080 [0228.729] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.729] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.729] CoTaskMemFree (pv=0x5d3a00) [0228.729] GetForegroundWindow () returned 0x10080 [0228.729] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.729] EnumProcesses (in: lpidProcess=0x282f968, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x282f968, lpcbNeeded=0x1c36f3e0) returned 1 [0228.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.735] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.735] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.735] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.735] CoTaskMemFree (pv=0x5d3a00) [0228.735] GetForegroundWindow () returned 0x10080 [0228.735] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.736] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.736] CoTaskMemFree (pv=0x5d3a00) [0228.736] GetForegroundWindow () returned 0x10080 [0228.736] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.736] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.736] CoTaskMemFree (pv=0x5d3a00) [0228.736] GetForegroundWindow () returned 0x100d4 [0228.736] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.736] EnumProcesses (in: lpidProcess=0x284e198, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x284e198, lpcbNeeded=0x1c36f3d0) returned 1 [0228.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.779] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.779] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.779] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.779] CoTaskMemFree (pv=0x5d3a00) [0228.779] GetForegroundWindow () returned 0x10080 [0228.780] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.780] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.780] CoTaskMemFree (pv=0x5d3a00) [0228.780] GetForegroundWindow () returned 0x10080 [0228.780] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.780] EnumProcesses (in: lpidProcess=0x286d958, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x286d958, lpcbNeeded=0x1c36f3d0) returned 1 [0228.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.787] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.787] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.787] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.787] CoTaskMemFree (pv=0x5d3a00) [0228.787] GetForegroundWindow () returned 0x10080 [0228.787] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.787] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.787] CoTaskMemFree (pv=0x5d3a00) [0228.788] GetForegroundWindow () returned 0x10080 [0228.788] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.788] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.788] CoTaskMemFree (pv=0x5d3a00) [0228.789] GetForegroundWindow () returned 0x100d4 [0228.789] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.789] EnumProcesses (in: lpidProcess=0x288c188, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x288c188, lpcbNeeded=0x1c36f3e0) returned 1 [0228.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.796] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.796] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.796] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.796] CoTaskMemFree (pv=0x5d3a00) [0228.796] GetForegroundWindow () returned 0x10080 [0228.796] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.796] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.796] CoTaskMemFree (pv=0x5d3a00) [0228.797] GetForegroundWindow () returned 0x10080 [0228.797] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.797] EnumProcesses (in: lpidProcess=0x28aa718, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28aa718, lpcbNeeded=0x1c36f3e0) returned 1 [0228.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800b98, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800b98, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.803] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.803] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.803] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.803] CoTaskMemFree (pv=0x5d3a00) [0228.803] GetForegroundWindow () returned 0x10080 [0228.803] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.803] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.804] CoTaskMemFree (pv=0x5d3a00) [0228.804] GetForegroundWindow () returned 0x10080 [0228.804] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.804] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.804] CoTaskMemFree (pv=0x5d3a00) [0228.804] GetForegroundWindow () returned 0x100d4 [0228.804] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.805] EnumProcesses (in: lpidProcess=0x28c8f48, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28c8f48, lpcbNeeded=0x1c36f3d0) returned 1 [0228.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820bc8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820bc8, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.811] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.811] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.811] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.811] CoTaskMemFree (pv=0x5d3a00) [0228.811] GetForegroundWindow () returned 0x10080 [0228.811] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.812] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.812] CoTaskMemFree (pv=0x5d3a00) [0228.812] GetForegroundWindow () returned 0x10080 [0228.812] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.812] EnumProcesses (in: lpidProcess=0x28e74d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28e74d8, lpcbNeeded=0x1c36f3d0) returned 1 [0228.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12840bf8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12840bf8, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.818] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.818] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.818] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.819] CoTaskMemFree (pv=0x5d3a00) [0228.819] GetForegroundWindow () returned 0x10080 [0228.819] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.819] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.819] CoTaskMemFree (pv=0x5d3a00) [0228.867] GetForegroundWindow () returned 0x10080 [0228.868] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.868] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.868] CoTaskMemFree (pv=0x5d3a00) [0228.868] GetForegroundWindow () returned 0x100d4 [0228.868] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.868] EnumProcesses (in: lpidProcess=0x2907010, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2907010, lpcbNeeded=0x1c36f3e0) returned 1 [0228.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12860c28, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12860c28, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.875] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.875] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.875] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.875] CoTaskMemFree (pv=0x5d3a00) [0228.875] GetForegroundWindow () returned 0x10080 [0228.875] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.875] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.876] CoTaskMemFree (pv=0x5d3a00) [0228.876] GetForegroundWindow () returned 0x10080 [0228.876] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.876] EnumProcesses (in: lpidProcess=0x2925600, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2925600, lpcbNeeded=0x1c36f3e0) returned 1 [0228.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12880c58, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12880c58, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.885] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.885] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.885] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.885] CoTaskMemFree (pv=0x5d3a00) [0228.886] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x11c9b)) returned 1 [0228.886] GetForegroundWindow () returned 0x10080 [0228.886] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.886] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.886] CoTaskMemFree (pv=0x5d3a00) [0228.886] GetForegroundWindow () returned 0x10080 [0228.886] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.886] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.887] CoTaskMemFree (pv=0x5d3a00) [0228.887] GetForegroundWindow () returned 0x100d4 [0228.887] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0228.887] EnumProcesses (in: lpidProcess=0x2943e78, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2943e78, lpcbNeeded=0x1c36f3d0) returned 1 [0228.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a0c88, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a0c88, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.902] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.902] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.903] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.903] CoTaskMemFree (pv=0x5d3a00) [0228.903] GetForegroundWindow () returned 0x10080 [0228.903] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.903] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.903] CoTaskMemFree (pv=0x5d3a00) [0228.904] GetForegroundWindow () returned 0x10080 [0228.904] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0228.904] EnumProcesses (in: lpidProcess=0x2962408, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2962408, lpcbNeeded=0x1c36f3d0) returned 1 [0228.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c0cb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c0cb8, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0228.913] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.961] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.961] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.961] CoTaskMemFree (pv=0x5d3a00) [0228.961] GetForegroundWindow () returned 0x10080 [0228.962] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.962] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.962] CoTaskMemFree (pv=0x5d3a00) [0228.962] GetForegroundWindow () returned 0x10080 [0228.962] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.962] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.962] CoTaskMemFree (pv=0x5d3a00) [0228.962] GetForegroundWindow () returned 0x100d4 [0228.962] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0228.963] EnumProcesses (in: lpidProcess=0x2980dd8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2980dd8, lpcbNeeded=0x1c36f3e0) returned 1 [0228.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.985] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0228.985] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.985] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0228.985] CoTaskMemFree (pv=0x5d3a00) [0228.985] GetForegroundWindow () returned 0x10080 [0228.985] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.986] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.986] CoTaskMemFree (pv=0x5d3a00) [0228.986] GetForegroundWindow () returned 0x10080 [0228.986] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0228.986] EnumProcesses (in: lpidProcess=0x27b9380, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27b9380, lpcbNeeded=0x1c36f3e0) returned 1 [0228.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xfb48) returned 0x0 [0228.995] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0228.995] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.995] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.995] CoTaskMemFree (pv=0x5d3a00) [0228.996] GetForegroundWindow () returned 0x10080 [0228.996] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0228.996] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0228.996] CoTaskMemFree (pv=0x5d3a00) [0229.040] GetForegroundWindow () returned 0x10080 [0229.040] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.040] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0229.040] CoTaskMemFree (pv=0x5d3a00) [0229.040] GetForegroundWindow () returned 0x100d4 [0229.040] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0229.041] EnumProcesses (in: lpidProcess=0x27d8390, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27d8390, lpcbNeeded=0x1c36f3d0) returned 1 [0229.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0229.049] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0229.050] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.050] GetWindowTextW (in: hWnd=0x100d4, lpString=0x5d3a00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0229.050] CoTaskMemFree (pv=0x5d3a00) [0229.133] GetForegroundWindow () returned 0x10080 [0229.133] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.133] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0229.133] CoTaskMemFree (pv=0x5d3a00) [0229.134] GetForegroundWindow () returned 0x10080 [0229.134] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0229.134] EnumProcesses (in: lpidProcess=0x27fc088, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27fc088, lpcbNeeded=0x1c36f3d0) returned 1 [0229.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f370*=0xfb48) returned 0x0 [0229.146] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0229.147] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.147] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0229.147] CoTaskMemFree (pv=0x5d3a00) [0229.258] GetForegroundWindow () returned 0x10080 [0229.258] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.258] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0229.258] CoTaskMemFree (pv=0x5d3a00) [0229.259] GetForegroundWindow () returned 0x10080 [0229.259] CoTaskMemAlloc (cb=0x204) returned 0x5d3a00 [0229.259] GetWindowTextW (in: hWnd=0x10080, lpString=0x5d3a00, nMaxCount=256 | out: lpString="") returned 0 [0229.259] CoTaskMemFree (pv=0x5d3a00) [0229.340] GetForegroundWindow () returned 0x100d4 [0229.349] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0229.350] EnumProcesses (in: lpidProcess=0x281dba0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x281dba0, lpcbNeeded=0x1c36f3e0) returned 1 [0229.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f380*=0xfaf8) returned 0x0 [0229.361] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0229.361] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.361] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aec7280, nMaxCount=256 | out: lpString="FolderView") returned 10 [0229.361] CoTaskMemFree (pv=0x1aec7280) [0229.363] GetForegroundWindow () returned 0x10080 [0229.363] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.363] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.363] CoTaskMemFree (pv=0x1aec7280) [0229.399] GetForegroundWindow () returned 0x10080 [0229.399] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0229.399] EnumProcesses (in: lpidProcess=0x283df68, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283df68, lpcbNeeded=0x1c36f3e0) returned 1 [0229.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xfaf8) returned 0x0 [0229.413] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0229.413] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.413] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.414] CoTaskMemFree (pv=0x1aec7280) [0229.414] GetForegroundWindow () returned 0x10080 [0229.414] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.414] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.415] CoTaskMemFree (pv=0x1aec7280) [0229.508] GetForegroundWindow () returned 0x10080 [0229.508] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.508] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.508] CoTaskMemFree (pv=0x1aec7280) [0229.509] GetForegroundWindow () returned 0x100d4 [0229.509] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0229.509] EnumProcesses (in: lpidProcess=0x2860588, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2860588, lpcbNeeded=0x1c36f3d0) returned 1 [0229.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xfaf8) returned 0x0 [0229.520] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0229.520] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.520] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aec7280, nMaxCount=256 | out: lpString="FolderView") returned 10 [0229.521] CoTaskMemFree (pv=0x1aec7280) [0229.590] GetForegroundWindow () returned 0x10080 [0229.590] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.591] CoTaskMemFree (pv=0x1aec7280) [0229.591] GetForegroundWindow () returned 0x10080 [0229.591] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0229.592] EnumProcesses (in: lpidProcess=0x288b290, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x288b290, lpcbNeeded=0x1c36f3d0) returned 1 [0229.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f370*=0xfaf8) returned 0x0 [0229.602] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0229.602] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.602] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.602] CoTaskMemFree (pv=0x1aec7280) [0229.664] GetForegroundWindow () returned 0x10080 [0229.664] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.664] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.664] CoTaskMemFree (pv=0x1aec7280) [0229.665] GetForegroundWindow () returned 0x10080 [0229.665] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.665] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.665] CoTaskMemFree (pv=0x1aec7280) [0229.738] GetForegroundWindow () returned 0x100d4 [0229.738] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0229.738] EnumProcesses (in: lpidProcess=0x28aa0c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28aa0c8, lpcbNeeded=0x1c36f3e0) returned 1 [0229.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xfaf8) returned 0x0 [0229.770] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0229.771] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.771] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aec7280, nMaxCount=256 | out: lpString="FolderView") returned 10 [0229.771] CoTaskMemFree (pv=0x1aec7280) [0229.771] GetForegroundWindow () returned 0x10080 [0229.771] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.771] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.772] CoTaskMemFree (pv=0x1aec7280) [0229.817] GetForegroundWindow () returned 0x10080 [0229.817] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0229.817] EnumProcesses (in: lpidProcess=0x27c1960, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1960, lpcbNeeded=0x1c36f3e0) returned 1 [0229.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xfaa8) returned 0x0 [0229.825] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0229.825] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.825] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.826] CoTaskMemFree (pv=0x1aec7280) [0229.827] GetForegroundWindow () returned 0x10080 [0229.827] CoTaskMemAlloc (cb=0x204) returned 0x1aec7280 [0229.827] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aec7280, nMaxCount=256 | out: lpString="") returned 0 [0229.827] CoTaskMemFree (pv=0x1aec7280) [0230.775] GetForegroundWindow () returned 0x10080 [0230.775] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.775] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.775] CoTaskMemFree (pv=0x1aeb8530) [0230.778] GetForegroundWindow () returned 0x100d4 [0230.778] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0230.779] EnumProcesses (in: lpidProcess=0x28984f0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28984f0, lpcbNeeded=0x1c36f3d0) returned 1 [0230.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f370*=0xfa58) returned 0x0 [0230.789] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0230.792] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.792] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="FolderView") returned 10 [0230.792] CoTaskMemFree (pv=0x1aeb8530) [0230.963] GetForegroundWindow () returned 0x10080 [0230.963] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0230.963] EnumProcesses (in: lpidProcess=0x28f3878, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28f3878, lpcbNeeded=0x1c36f3e0) returned 1 [0230.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12840bf8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12840bf8, ResultLength=0x1c36f380*=0xfa58) returned 0x0 [0230.974] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0230.974] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.974] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.974] CoTaskMemFree (pv=0x1aeb8530) [0230.975] GetForegroundWindow () returned 0x10080 [0230.976] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.976] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0230.976] CoTaskMemFree (pv=0x1aeb8530) [0231.151] GetForegroundWindow () returned 0x10080 [0231.152] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0231.153] GetWindowTextW (in: hWnd=0x10080, lpString=0x1aeb8530, nMaxCount=256 | out: lpString="") returned 0 [0231.153] CoTaskMemFree (pv=0x1aeb8530) [0231.154] GetForegroundWindow () returned 0x10080 [0231.154] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0231.155] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0231.155] CoTaskMemFree (pv=0x1af1c770) [0231.353] GetForegroundWindow () returned 0x100d4 [0231.354] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0231.354] EnumProcesses (in: lpidProcess=0x2931230, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2931230, lpcbNeeded=0x1c36f3e0) returned 1 [0231.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12880c58, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12880c58, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0231.365] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0231.365] CoTaskMemAlloc (cb=0x204) returned 0x1af1cda0 [0231.365] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1cda0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0231.365] CoTaskMemFree (pv=0x1af1cda0) [0231.367] GetForegroundWindow () returned 0x10080 [0231.367] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0231.367] EnumProcesses (in: lpidProcess=0x294f3f0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x294f3f0, lpcbNeeded=0x1c36f3d0) returned 1 [0231.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a0c88, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a0c88, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0231.376] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0231.376] CoTaskMemAlloc (cb=0x204) returned 0x1af1c140 [0231.376] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c140, nMaxCount=256 | out: lpString="") returned 0 [0231.377] CoTaskMemFree (pv=0x1af1c140) [0231.636] GetForegroundWindow () returned 0x10080 [0231.636] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0231.636] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0231.636] CoTaskMemFree (pv=0x1af1c770) [0231.637] GetForegroundWindow () returned 0x10080 [0231.637] CoTaskMemAlloc (cb=0x204) returned 0x1af1b900 [0231.637] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b900, nMaxCount=256 | out: lpString="") returned 0 [0231.637] CoTaskMemFree (pv=0x1af1b900) [0231.805] GetForegroundWindow () returned 0x10080 [0231.805] CoTaskMemAlloc (cb=0x204) returned 0x1af1b2d0 [0231.805] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b2d0, nMaxCount=256 | out: lpString="") returned 0 [0231.805] CoTaskMemFree (pv=0x1af1b2d0) [0231.807] GetForegroundWindow () returned 0x100d4 [0231.807] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0231.807] EnumProcesses (in: lpidProcess=0x298cf40, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x298cf40, lpcbNeeded=0x1c36f3d0) returned 1 [0231.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0231.832] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0231.832] CoTaskMemAlloc (cb=0x204) returned 0x1af1b4e0 [0231.832] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1b4e0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0231.832] CoTaskMemFree (pv=0x1af1b4e0) [0232.013] GetForegroundWindow () returned 0x10080 [0232.013] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0232.013] EnumProcesses (in: lpidProcess=0x28008e8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28008e8, lpcbNeeded=0x1c36f3e0) returned 1 [0232.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0232.024] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0232.024] CoTaskMemAlloc (cb=0x204) returned 0x1af1c350 [0232.024] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c350, nMaxCount=256 | out: lpString="") returned 0 [0232.025] CoTaskMemFree (pv=0x1af1c350) [0232.026] GetForegroundWindow () returned 0x10080 [0232.026] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0232.026] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0232.026] CoTaskMemFree (pv=0x1af1b6f0) [0232.243] GetForegroundWindow () returned 0x10080 [0232.243] CoTaskMemAlloc (cb=0x204) returned 0x1af1c140 [0232.243] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c140, nMaxCount=256 | out: lpString="") returned 0 [0232.243] CoTaskMemFree (pv=0x1af1c140) [0232.244] GetForegroundWindow () returned 0x10080 [0232.245] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0232.245] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0232.245] CoTaskMemFree (pv=0x1af1bb10) [0232.385] GetForegroundWindow () returned 0x100d4 [0232.385] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0232.385] EnumProcesses (in: lpidProcess=0x283fbc0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283fbc0, lpcbNeeded=0x1c36f3e0) returned 1 [0232.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0232.398] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0232.398] CoTaskMemAlloc (cb=0x204) returned 0x1af1c140 [0232.398] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c140, nMaxCount=256 | out: lpString="FolderView") returned 10 [0232.398] CoTaskMemFree (pv=0x1af1c140) [0232.400] GetForegroundWindow () returned 0x10080 [0232.400] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0232.400] EnumProcesses (in: lpidProcess=0x285dcf0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x285dcf0, lpcbNeeded=0x1c36f3d0) returned 1 [0232.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0232.413] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0232.416] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0232.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0232.416] CoTaskMemFree (pv=0x1af1c560) [0232.572] GetForegroundWindow () returned 0x10080 [0232.572] CoTaskMemAlloc (cb=0x204) returned 0x1af1c560 [0232.572] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c560, nMaxCount=256 | out: lpString="") returned 0 [0232.572] CoTaskMemFree (pv=0x1af1c560) [0232.573] GetForegroundWindow () returned 0x10080 [0232.573] CoTaskMemAlloc (cb=0x204) returned 0x1af1c980 [0232.573] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c980, nMaxCount=256 | out: lpString="") returned 0 [0232.573] CoTaskMemFree (pv=0x1af1c980) [0232.752] GetForegroundWindow () returned 0x10080 [0232.753] CoTaskMemAlloc (cb=0x204) returned 0x1af1b900 [0232.753] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b900, nMaxCount=256 | out: lpString="") returned 0 [0232.753] CoTaskMemFree (pv=0x1af1b900) [0232.754] GetForegroundWindow () returned 0x100d4 [0232.754] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0232.754] EnumProcesses (in: lpidProcess=0x289b6c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x289b6c8, lpcbNeeded=0x1c36f3d0) returned 1 [0232.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf968) returned 0x0 [0232.796] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0232.796] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0232.796] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1c770, nMaxCount=256 | out: lpString="FolderView") returned 10 [0232.796] CoTaskMemFree (pv=0x1af1c770) [0232.931] GetForegroundWindow () returned 0x10080 [0232.931] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0232.931] EnumProcesses (in: lpidProcess=0x28010c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28010c8, lpcbNeeded=0x1c36f3e0) returned 1 [0232.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf968) returned 0x0 [0232.941] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0232.942] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0232.942] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0232.942] CoTaskMemFree (pv=0x1af1bb10) [0232.942] GetForegroundWindow () returned 0x10080 [0232.942] CoTaskMemAlloc (cb=0x204) returned 0x1af1b6f0 [0232.942] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1b6f0, nMaxCount=256 | out: lpString="") returned 0 [0232.942] CoTaskMemFree (pv=0x1af1b6f0) [0233.129] GetForegroundWindow () returned 0x10080 [0233.130] CoTaskMemAlloc (cb=0x204) returned 0x1af1bf30 [0233.130] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bf30, nMaxCount=256 | out: lpString="") returned 0 [0233.130] CoTaskMemFree (pv=0x1af1bf30) [0233.131] GetForegroundWindow () returned 0x10080 [0233.131] CoTaskMemAlloc (cb=0x204) returned 0x1af1c770 [0233.131] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1c770, nMaxCount=256 | out: lpString="") returned 0 [0233.131] CoTaskMemFree (pv=0x1af1c770) [0233.307] GetForegroundWindow () returned 0x100d4 [0233.307] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0233.307] EnumProcesses (in: lpidProcess=0x284bc08, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x284bc08, lpcbNeeded=0x1c36f3e0) returned 1 [0233.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf968) returned 0x0 [0233.315] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0233.315] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.315] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="FolderView") returned 10 [0233.316] CoTaskMemFree (pv=0x1af1bb10) [0233.317] GetForegroundWindow () returned 0x10080 [0233.317] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0233.317] EnumProcesses (in: lpidProcess=0x2869ca8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2869ca8, lpcbNeeded=0x1c36f3d0) returned 1 [0233.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf968) returned 0x0 [0233.325] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0233.325] CoTaskMemAlloc (cb=0x204) returned 0x1af1bb10 [0233.325] GetWindowTextW (in: hWnd=0x10080, lpString=0x1af1bb10, nMaxCount=256 | out: lpString="") returned 0 [0233.325] CoTaskMemFree (pv=0x1af1bb10) [0234.193] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1c36ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0234.597] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1c36edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0235.344] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x470 [0236.944] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4bc [0238.521] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x51c [0240.147] WSASend (in: s=0x410, lpBuffers=0x1c36f350*=((len=0x4c, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f348, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f348*=0x4c, lpOverlapped=0x27ce1c8) returned 0 [0240.152] GetForegroundWindow () returned 0x10080 [0240.152] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.152] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.152] CoTaskMemFree (pv=0x1c07cbf0) [0240.153] GetForegroundWindow () returned 0x10080 [0240.153] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0240.153] EnumProcesses (in: lpidProcess=0x285fb50, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285fb50, lpcbNeeded=0x1c36f3e0) returned 1 [0240.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0240.165] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.168] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0240.168] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0240.168] CoTaskMemFree (pv=0x1c07c9e0) [0240.168] CoGetObjectContext (in: riid=0x1c36e9a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c36e9a0 | out: ppv=0x1c36e9a0*=0x5e6f98) returned 0x0 [0240.169] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1c36e9c0 | out: pAptType=0x1c36e9c0*=1) returned 0x0 [0240.169] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c36eac8 | out: ppvObject=0x1c36eac8*=0x0) returned 0x80004002 [0240.169] IUnknown:Release (This=0x5e6f98) returned 0x1 [0240.170] CoGetClassObject (in: rclsid=0x1ae8d278*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c36e020 | out: ppv=0x1c36e020*=0x1aeb8270) returned 0x0 [0240.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x1aeb8270, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c36dd30 | out: ppvObject=0x1c36dd30*=0x0) returned 0x80004002 [0240.171] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1aeb8270, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dd18 | out: ppvObject=0x1c36dd18*=0x1ae72ab0) returned 0x0 [0240.171] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dc20 | out: ppvObject=0x1c36dc20*=0x1ae72ab0) returned 0x0 [0240.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c36dca0 | out: ppvObject=0x1c36dca0*=0x0) returned 0x80004002 [0240.172] WbemDefPath:IUnknown:AddRef (This=0x1ae72ab0) returned 0x3 [0240.172] CoGetContextToken (in: pToken=0x1c36d8f0 | out: pToken=0x1c36d8f0) returned 0x0 [0240.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36d8b0 | out: ppvObject=0x1c36d8b0*=0x1aeb7b70) returned 0x0 [0240.172] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1aeb7b70, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c36d8e0 | out: pCid=0x1c36d8e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0240.172] WbemDefPath:IUnknown:Release (This=0x1aeb7b70) returned 0x3 [0240.173] CoGetContextToken (in: pToken=0x1c36d8c0 | out: pToken=0x1c36d8c0) returned 0x0 [0240.173] WbemDefPath:IUnknown:AddRef (This=0x1ae72ab0) returned 0x4 [0240.173] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36d9d8 | out: ppvObject=0x1c36d9d8*=0x0) returned 0x80004002 [0240.173] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x3 [0240.173] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x2 [0240.173] WbemDefPath:IUnknown:Release (This=0x1aeb8270) returned 0x0 [0240.174] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x1 [0240.174] CoGetContextToken (in: pToken=0x1c36e5f0 | out: pToken=0x1c36e5f0) returned 0x0 [0240.174] CoGetContextToken (in: pToken=0x1c36e530 | out: pToken=0x1c36e530) returned 0x0 [0240.174] WbemDefPath:IUnknown:AddRef (This=0x1ae72ab0) returned 0x2 [0240.174] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x1c36e670*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c36e650 | out: ppvObject=0x1c36e650*=0x1ae72ab0) returned 0x0 [0240.174] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x2 [0240.174] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x1 [0240.174] CoGetContextToken (in: pToken=0x1c36e770 | out: pToken=0x1c36e770) returned 0x0 [0240.174] CoGetContextToken (in: pToken=0x1c36e6b0 | out: pToken=0x1c36e6b0) returned 0x0 [0240.174] WbemDefPath:IUnknown:AddRef (This=0x1ae72ab0) returned 0x2 [0240.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae72ab0, riid=0x1c36e7f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c36e7d0 | out: ppvObject=0x1c36e7d0*=0x1ae72ab0) returned 0x0 [0240.175] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x2 [0240.175] WbemDefPath:IUnknown:AddRef (This=0x1ae72ab0) returned 0x3 [0240.175] WbemDefPath:IWbemPath:SetText (This=0x1ae72ab0, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0240.175] WbemDefPath:IUnknown:Release (This=0x1ae72ab0) returned 0x2 [0240.175] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72ab0, puCount=0x1c36ea70 | out: puCount=0x1c36ea70*=0x2) returned 0x0 [0240.175] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36ea70*=0x0, pszText=0x0 | out: puBuffLength=0x1c36ea70*=0x19, pszText=0x0) returned 0x0 [0240.175] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36ea70*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c36ea70*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.175] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72ab0, puCount=0x1c36ea70 | out: puCount=0x1c36ea70*=0x2) returned 0x0 [0240.175] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36ea70*=0x0, pszText=0x0 | out: puBuffLength=0x1c36ea70*=0x19, pszText=0x0) returned 0x0 [0240.176] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36ea70*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c36ea70*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.176] CoGetObjectContext (in: riid=0x1c36e9b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c36e9b0 | out: ppv=0x1c36e9b0*=0x5e6f98) returned 0x0 [0240.176] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1c36e9d0 | out: pAptType=0x1c36e9d0*=1) returned 0x0 [0240.176] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c36ead8 | out: ppvObject=0x1c36ead8*=0x0) returned 0x80004002 [0240.176] IUnknown:Release (This=0x5e6f98) returned 0x1 [0240.176] CoGetClassObject (in: rclsid=0x1af42af8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c36e650 | out: ppv=0x1c36e650*=0x1af5b260) returned 0x0 [0240.176] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b260, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c36e360 | out: ppvObject=0x1c36e360*=0x0) returned 0x80004002 [0240.177] WbemLocator:IClassFactory:CreateInstance (in: This=0x1af5b260, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e348 | out: ppvObject=0x1c36e348*=0x1af5b600) returned 0x0 [0240.177] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b600, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e250 | out: ppvObject=0x1c36e250*=0x1af5b600) returned 0x0 [0240.177] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b600, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c36e2d0 | out: ppvObject=0x1c36e2d0*=0x0) returned 0x80004002 [0240.177] WbemLocator:IUnknown:AddRef (This=0x1af5b600) returned 0x3 [0240.178] CoGetContextToken (in: pToken=0x1c36df20 | out: pToken=0x1c36df20) returned 0x0 [0240.178] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b600, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dee0 | out: ppvObject=0x1c36dee0*=0x0) returned 0x80004002 [0240.178] CoGetContextToken (in: pToken=0x1c36def0 | out: pToken=0x1c36def0) returned 0x0 [0240.178] WbemLocator:IUnknown:AddRef (This=0x1af5b600) returned 0x4 [0240.178] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b600, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e008 | out: ppvObject=0x1c36e008*=0x0) returned 0x80004002 [0240.178] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x3 [0240.178] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x2 [0240.179] WbemLocator:IUnknown:Release (This=0x1af5b260) returned 0x0 [0240.179] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x1 [0240.179] CoGetContextToken (in: pToken=0x1c36e510 | out: pToken=0x1c36e510) returned 0x0 [0240.179] CoGetContextToken (in: pToken=0x1c36e450 | out: pToken=0x1c36e450) returned 0x0 [0240.179] WbemLocator:IUnknown:AddRef (This=0x1af5b600) returned 0x2 [0240.179] WbemLocator:IUnknown:QueryInterface (in: This=0x1af5b600, riid=0x1c36e590*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c36e570 | out: ppvObject=0x1c36e570*=0x1af5b600) returned 0x0 [0240.179] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x2 [0240.179] WbemLocator:IUnknown:Release (This=0x1af5b600) returned 0x1 [0240.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72ab0, puCount=0x1c36e970 | out: puCount=0x1c36e970*=0x2) returned 0x0 [0240.180] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=8, puBuffLength=0x1c36e970*=0x0, pszText=0x0 | out: puBuffLength=0x1c36e970*=0x19, pszText=0x0) returned 0x0 [0240.180] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=8, puBuffLength=0x1c36e970*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c36e970*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.180] CoCreateInstance (in: rclsid=0x7ffb853a15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb853a14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c36e5e0 | out: ppv=0x1c36e5e0*=0x1af5b620) returned 0x0 [0240.180] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1af5b620, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c36e870 | out: ppNamespace=0x1c36e870*=0x1c084fd0) returned 0x0 [0240.516] WbemLocator:IUnknown:QueryInterface (in: This=0x1c084fd0, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e458 | out: ppvObject=0x1c36e458*=0x1c089bc0) returned 0x0 [0240.517] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1c089bc0, pProxy=0x1c084fd0, pAuthnSvc=0x1c36e450, pAuthzSvc=0x1c36e44c, pServerPrincName=0x1c36e478, pAuthnLevel=0x1c36e448, pImpLevel=0x1c36e464, pAuthInfo=0x1c36e488, pCapabilites=0x1c36e460 | out: pAuthnSvc=0x1c36e450*=0xa, pAuthzSvc=0x1c36e44c*=0x0, pServerPrincName=0x1c36e478, pAuthnLevel=0x1c36e448*=0x6, pImpLevel=0x1c36e464*=0x2, pAuthInfo=0x1c36e488, pCapabilites=0x1c36e460*=0x1) returned 0x0 [0240.517] WbemLocator:IUnknown:Release (This=0x1c089bc0) returned 0x1 [0240.517] WbemLocator:IUnknown:QueryInterface (in: This=0x1c084fd0, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e3f8 | out: ppvObject=0x1c36e3f8*=0x1c089c08) returned 0x0 [0240.517] WbemLocator:IUnknown:QueryInterface (in: This=0x1c084fd0, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e388 | out: ppvObject=0x1c36e388*=0x1c089bc0) returned 0x0 [0240.517] WbemLocator:IClientSecurity:SetBlanket (This=0x1c089bc0, pProxy=0x1c084fd0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0240.518] WbemLocator:IUnknown:Release (This=0x1c089bc0) returned 0x2 [0240.518] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x1 [0240.518] CoTaskMemFree (pv=0x1af51e70) [0240.518] WbemLocator:IUnknown:Release (This=0x1af5b620) returned 0x0 [0240.518] WbemLocator:IUnknown:QueryInterface (in: This=0x1c084fd0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e070 | out: ppvObject=0x1c36e070*=0x1c089c08) returned 0x0 [0240.518] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c36e0f0 | out: ppvObject=0x1c36e0f0*=0x0) returned 0x80004002 [0240.708] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c36de88 | out: ppvObject=0x1c36de88*=0x0) returned 0x80004002 [0240.709] WbemLocator:IUnknown:AddRef (This=0x1c089c08) returned 0x3 [0240.709] CoGetContextToken (in: pToken=0x1c36dd40 | out: pToken=0x1c36dd40) returned 0x0 [0240.709] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dd00 | out: ppvObject=0x1c36dd00*=0x1c089ae8) returned 0x0 [0240.710] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1c089ae8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c36dd30 | out: pCid=0x1c36dd30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0240.710] WbemLocator:IUnknown:Release (This=0x1c089ae8) returned 0x3 [0240.710] CoGetContextToken (in: pToken=0x1c36dd10 | out: pToken=0x1c36dd10) returned 0x0 [0240.710] WbemLocator:IUnknown:AddRef (This=0x1c089c08) returned 0x4 [0240.710] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36de28 | out: ppvObject=0x1c36de28*=0x1c089bd0) returned 0x0 [0240.711] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x4 [0240.711] WbemLocator:IRpcOptions:Query (in: This=0x1c089bd0, pPrx=0x1c089c08, dwProperty=2, pdwValue=0x1c36de98 | out: pdwValue=0x1c36de98) returned 0x80004002 [0240.711] WbemLocator:IUnknown:Release (This=0x1c089bd0) returned 0x3 [0240.711] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x2 [0240.711] CoGetContextToken (in: pToken=0x1c36e210 | out: pToken=0x1c36e210) returned 0x0 [0240.711] CoGetContextToken (in: pToken=0x1c36e150 | out: pToken=0x1c36e150) returned 0x0 [0240.711] WbemLocator:IUnknown:AddRef (This=0x1c089c08) returned 0x3 [0240.711] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x1c36e290*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c36e270 | out: ppvObject=0x1c36e270*=0x1c084fd0) returned 0x0 [0240.712] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x3 [0240.712] WbemLocator:IUnknown:Release (This=0x1c084fd0) returned 0x2 [0240.712] WbemLocator:IUnknown:Release (This=0x1c084fd0) returned 0x1 [0240.712] SysStringLen (param_1=0x0) returned 0x0 [0240.712] CoGetContextToken (in: pToken=0x1c36e890 | out: pToken=0x1c36e890) returned 0x0 [0240.712] WbemLocator:IUnknown:AddRef (This=0x1c089c08) returned 0x2 [0240.712] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e460 | out: ppvObject=0x1c36e460*=0x1c089c08) returned 0x0 [0240.713] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x2 [0240.713] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x1 [0240.713] CoGetContextToken (in: pToken=0x1c36e4b0 | out: pToken=0x1c36e4b0) returned 0x0 [0240.713] CoGetContextToken (in: pToken=0x1c36e3f0 | out: pToken=0x1c36e3f0) returned 0x0 [0240.713] WbemLocator:IUnknown:AddRef (This=0x1c089c08) returned 0x2 [0240.713] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089c08, riid=0x1c36e530*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c36e510 | out: ppvObject=0x1c36e510*=0x1c084fd0) returned 0x0 [0240.713] WbemLocator:IUnknown:Release (This=0x1c089c08) returned 0x2 [0240.713] WbemLocator:IUnknown:AddRef (This=0x1c084fd0) returned 0x3 [0240.714] IWbemServices:ExecQuery (in: This=0x1c084fd0, strQueryLanguage="WQL", strQuery="SELECT DisplayName FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x1c36e9a8 | out: ppEnum=0x1c36e9a8*=0x1af27750) returned 0x0 [0240.726] IUnknown:QueryInterface (in: This=0x1af27750, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e5b8 | out: ppvObject=0x1c36e5b8*=0x1af27758) returned 0x0 [0240.726] IClientSecurity:QueryBlanket (in: This=0x1af27758, pProxy=0x1af27750, pAuthnSvc=0x1c36e5b0, pAuthzSvc=0x1c36e5ac, pServerPrincName=0x1c36e5d8, pAuthnLevel=0x1c36e5a8, pImpLevel=0x1c36e5c4, pAuthInfo=0x1c36e5e8, pCapabilites=0x1c36e5c0 | out: pAuthnSvc=0x1c36e5b0*=0xa, pAuthzSvc=0x1c36e5ac*=0x0, pServerPrincName=0x1c36e5d8, pAuthnLevel=0x1c36e5a8*=0x6, pImpLevel=0x1c36e5c4*=0x2, pAuthInfo=0x1c36e5e8, pCapabilites=0x1c36e5c0*=0x1) returned 0x0 [0240.727] IUnknown:Release (This=0x1af27758) returned 0x1 [0240.727] IUnknown:QueryInterface (in: This=0x1af27750, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e558 | out: ppvObject=0x1c36e558*=0x1c089da8) returned 0x0 [0240.727] IUnknown:QueryInterface (in: This=0x1af27750, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e4e8 | out: ppvObject=0x1c36e4e8*=0x1af27758) returned 0x0 [0240.727] IClientSecurity:SetBlanket (This=0x1af27758, pProxy=0x1af27750, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0240.729] IUnknown:Release (This=0x1af27758) returned 0x2 [0240.729] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x1 [0240.729] CoTaskMemFree (pv=0x1af51bd0) [0240.729] IUnknown:QueryInterface (in: This=0x1af27750, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e190 | out: ppvObject=0x1c36e190*=0x1c089da8) returned 0x0 [0240.729] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c36e210 | out: ppvObject=0x1c36e210*=0x0) returned 0x80004002 [0240.730] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c36dfa8 | out: ppvObject=0x1c36dfa8*=0x0) returned 0x80004002 [0240.731] WbemLocator:IUnknown:AddRef (This=0x1c089da8) returned 0x3 [0240.731] CoGetContextToken (in: pToken=0x1c36de60 | out: pToken=0x1c36de60) returned 0x0 [0240.731] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36de20 | out: ppvObject=0x1c36de20*=0x1c089c88) returned 0x0 [0240.731] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1c089c88, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c36de50 | out: pCid=0x1c36de50*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0240.731] WbemLocator:IUnknown:Release (This=0x1c089c88) returned 0x3 [0240.731] CoGetContextToken (in: pToken=0x1c36de30 | out: pToken=0x1c36de30) returned 0x0 [0240.731] WbemLocator:IUnknown:AddRef (This=0x1c089da8) returned 0x4 [0240.732] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36df48 | out: ppvObject=0x1c36df48*=0x1c089d70) returned 0x0 [0240.732] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x4 [0240.733] WbemLocator:IRpcOptions:Query (in: This=0x1c089d70, pPrx=0x1c089da8, dwProperty=2, pdwValue=0x1c36dfb8 | out: pdwValue=0x1c36dfb8) returned 0x80004002 [0240.733] WbemLocator:IUnknown:Release (This=0x1c089d70) returned 0x3 [0240.733] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x2 [0240.733] CoGetContextToken (in: pToken=0x1c36e330 | out: pToken=0x1c36e330) returned 0x0 [0240.733] CoGetContextToken (in: pToken=0x1c36e270 | out: pToken=0x1c36e270) returned 0x0 [0240.733] WbemLocator:IUnknown:AddRef (This=0x1c089da8) returned 0x3 [0240.733] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x1c36e3b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c36e390 | out: ppvObject=0x1c36e390*=0x1af27750) returned 0x0 [0240.733] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x3 [0240.734] IUnknown:Release (This=0x1af27750) returned 0x2 [0240.734] IUnknown:Release (This=0x1af27750) returned 0x1 [0240.734] WbemLocator:IUnknown:Release (This=0x1c084fd0) returned 0x2 [0240.734] SysStringLen (param_1=0x0) returned 0x0 [0240.734] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae72ab0, puCount=0x1c36e9d0 | out: puCount=0x1c36e9d0*=0x2) returned 0x0 [0240.734] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36e9d0*=0x0, pszText=0x0 | out: puBuffLength=0x1c36e9d0*=0x19, pszText=0x0) returned 0x0 [0240.734] WbemDefPath:IWbemPath:GetText (in: This=0x1ae72ab0, lFlags=4, puBuffLength=0x1c36e9d0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c36e9d0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.735] CoGetContextToken (in: pToken=0x1c36e550 | out: pToken=0x1c36e550) returned 0x0 [0240.735] CoGetContextToken (in: pToken=0x1c36e490 | out: pToken=0x1c36e490) returned 0x0 [0240.735] WbemLocator:IUnknown:AddRef (This=0x1c089da8) returned 0x2 [0240.735] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089da8, riid=0x1c36e5d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c36e5b0 | out: ppvObject=0x1c36e5b0*=0x1af27750) returned 0x0 [0240.735] WbemLocator:IUnknown:Release (This=0x1c089da8) returned 0x2 [0240.735] IUnknown:AddRef (This=0x1af27750) returned 0x3 [0240.735] IEnumWbemClassObject:Clone (in: This=0x1af27750, ppEnum=0x1c36ea10 | out: ppEnum=0x1c36ea10*=0x1af27600) returned 0x0 [0240.954] IUnknown:QueryInterface (in: This=0x1af27600, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e668 | out: ppvObject=0x1c36e668*=0x1af27608) returned 0x0 [0240.954] IClientSecurity:QueryBlanket (in: This=0x1af27608, pProxy=0x1af27600, pAuthnSvc=0x1c36e660, pAuthzSvc=0x1c36e65c, pServerPrincName=0x1c36e688, pAuthnLevel=0x1c36e658, pImpLevel=0x1c36e674, pAuthInfo=0x1c36e698, pCapabilites=0x1c36e670 | out: pAuthnSvc=0x1c36e660*=0xa, pAuthzSvc=0x1c36e65c*=0x0, pServerPrincName=0x1c36e688, pAuthnLevel=0x1c36e658*=0x6, pImpLevel=0x1c36e674*=0x2, pAuthInfo=0x1c36e698, pCapabilites=0x1c36e670*=0x1) returned 0x0 [0240.954] IUnknown:Release (This=0x1af27608) returned 0x1 [0240.954] IUnknown:QueryInterface (in: This=0x1af27600, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e608 | out: ppvObject=0x1c36e608*=0x1c089f48) returned 0x0 [0240.954] IUnknown:QueryInterface (in: This=0x1af27600, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e598 | out: ppvObject=0x1c36e598*=0x1af27608) returned 0x0 [0240.954] IClientSecurity:SetBlanket (This=0x1af27608, pProxy=0x1af27600, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0240.956] IUnknown:Release (This=0x1af27608) returned 0x2 [0240.956] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x1 [0240.956] CoTaskMemFree (pv=0x1af517b0) [0240.957] IUnknown:QueryInterface (in: This=0x1af27600, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36e230 | out: ppvObject=0x1c36e230*=0x1c089f48) returned 0x0 [0240.957] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c36e2b0 | out: ppvObject=0x1c36e2b0*=0x0) returned 0x80004002 [0240.958] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c36e048 | out: ppvObject=0x1c36e048*=0x0) returned 0x80004002 [0240.958] WbemLocator:IUnknown:AddRef (This=0x1c089f48) returned 0x3 [0240.959] CoGetContextToken (in: pToken=0x1c36df00 | out: pToken=0x1c36df00) returned 0x0 [0240.959] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dec0 | out: ppvObject=0x1c36dec0*=0x1c089e28) returned 0x0 [0240.959] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1c089e28, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c36def0 | out: pCid=0x1c36def0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0240.959] WbemLocator:IUnknown:Release (This=0x1c089e28) returned 0x3 [0240.959] CoGetContextToken (in: pToken=0x1c36ded0 | out: pToken=0x1c36ded0) returned 0x0 [0240.959] WbemLocator:IUnknown:AddRef (This=0x1c089f48) returned 0x4 [0240.959] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c36dfe8 | out: ppvObject=0x1c36dfe8*=0x1c089f10) returned 0x0 [0240.959] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x4 [0240.960] WbemLocator:IRpcOptions:Query (in: This=0x1c089f10, pPrx=0x1c089f48, dwProperty=2, pdwValue=0x1c36e058 | out: pdwValue=0x1c36e058) returned 0x80004002 [0240.960] WbemLocator:IUnknown:Release (This=0x1c089f10) returned 0x3 [0240.960] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x2 [0240.960] CoGetContextToken (in: pToken=0x1c36e3d0 | out: pToken=0x1c36e3d0) returned 0x0 [0240.960] CoGetContextToken (in: pToken=0x1c36e310 | out: pToken=0x1c36e310) returned 0x0 [0240.960] WbemLocator:IUnknown:AddRef (This=0x1c089f48) returned 0x3 [0240.960] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x1c36e450*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c36e430 | out: ppvObject=0x1c36e430*=0x1af27600) returned 0x0 [0240.960] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x3 [0240.961] IUnknown:Release (This=0x1af27600) returned 0x2 [0240.961] IUnknown:Release (This=0x1af27600) returned 0x1 [0240.961] IUnknown:Release (This=0x1af27750) returned 0x2 [0240.961] SysStringLen (param_1=0x0) returned 0x0 [0240.961] CoGetContextToken (in: pToken=0x1c36e850 | out: pToken=0x1c36e850) returned 0x0 [0240.961] CoGetContextToken (in: pToken=0x1c36e790 | out: pToken=0x1c36e790) returned 0x0 [0240.961] WbemLocator:IUnknown:AddRef (This=0x1c089f48) returned 0x2 [0240.961] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089f48, riid=0x1c36e8d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c36e8b0 | out: ppvObject=0x1c36e8b0*=0x1af27600) returned 0x0 [0240.961] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x2 [0240.962] IUnknown:AddRef (This=0x1af27600) returned 0x3 [0240.962] IEnumWbemClassObject:Reset (This=0x1af27600) returned 0x0 [0240.964] IUnknown:Release (This=0x1af27600) returned 0x2 [0240.965] CoTaskMemAlloc (cb=0x8) returned 0x1af2a790 [0240.965] IEnumWbemClassObject:Next (in: This=0x1af27600, lTimeout=-1, uCount=0x1, apObjects=0x1af2a790, puReturned=0x1c36ead8 | out: apObjects=0x1af2a790*=0x0, puReturned=0x1c36ead8*=0x0) returned 0x1 [0240.966] CoTaskMemFree (pv=0x1af2a790) [0240.966] CoGetContextToken (in: pToken=0x1c36e7e0 | out: pToken=0x1c36e7e0) returned 0x0 [0240.966] WbemLocator:IUnknown:Release (This=0x1c089f48) returned 0x1 [0240.966] IUnknown:Release (This=0x1af27600) returned 0x0 [0240.967] SetEvent (hEvent=0x51c) returned 1 [0240.968] GetForegroundWindow () returned 0x10080 [0240.968] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0240.968] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0240.968] CoTaskMemFree (pv=0x1c07b540) [0241.439] GetForegroundWindow () returned 0x100d4 [0241.439] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0241.439] EnumProcesses (in: lpidProcess=0x285e350, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x285e350, lpcbNeeded=0x1c36f3d0) returned 1 [0241.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0241.447] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.448] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0241.448] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.448] CoTaskMemFree (pv=0x1c07c1a0) [0241.450] GetForegroundWindow () returned 0x10080 [0241.450] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0241.450] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0241.450] CoTaskMemFree (pv=0x1c07b330) [0241.467] GetForegroundWindow () returned 0x10080 [0241.467] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0241.467] EnumProcesses (in: lpidProcess=0x287c7c0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287c7c0, lpcbNeeded=0x1c36f3d0) returned 1 [0241.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0241.469] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.469] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.469] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.469] CoTaskMemFree (pv=0x1c07c3b0) [0241.592] GetForegroundWindow () returned 0x10080 [0241.592] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0241.592] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0241.593] CoTaskMemFree (pv=0x1c07c7d0) [0241.594] GetForegroundWindow () returned 0x10080 [0241.594] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0241.594] EnumProcesses (in: lpidProcess=0x28b9090, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b9090, lpcbNeeded=0x1c36f3d0) returned 1 [0241.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0241.596] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.596] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0241.596] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0241.596] CoTaskMemFree (pv=0x1c07b120) [0241.748] GetForegroundWindow () returned 0x100d4 [0241.748] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0241.749] EnumProcesses (in: lpidProcess=0x28d7e18, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d7e18, lpcbNeeded=0x1c36f3e0) returned 1 [0241.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0241.750] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.750] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.750] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.751] CoTaskMemFree (pv=0x1c07c3b0) [0241.752] GetForegroundWindow () returned 0x10080 [0241.752] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0241.752] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0241.752] CoTaskMemFree (pv=0x1c07bf90) [0241.920] GetForegroundWindow () returned 0x10080 [0241.920] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0241.920] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0241.921] CoTaskMemFree (pv=0x1c07b960) [0241.922] GetForegroundWindow () returned 0x10080 [0241.922] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0241.922] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0241.923] CoTaskMemFree (pv=0x1c07b540) [0242.046] GetForegroundWindow () returned 0x10080 [0242.046] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0242.046] EnumProcesses (in: lpidProcess=0x2933130, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2933130, lpcbNeeded=0x1c36f3e0) returned 1 [0242.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12881078, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0242.048] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.048] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0242.048] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0242.048] CoTaskMemFree (pv=0x1c07bd80) [0242.049] GetForegroundWindow () returned 0x100d4 [0242.050] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0242.050] EnumProcesses (in: lpidProcess=0x29512e0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29512e0, lpcbNeeded=0x1c36f3d0) returned 1 [0242.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0242.051] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0242.052] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0242.052] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0242.053] CoTaskMemFree (pv=0x1c07c7d0) [0242.186] GetForegroundWindow () returned 0x10080 [0242.186] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0242.186] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0242.186] CoTaskMemFree (pv=0x1c07c7d0) [0242.188] GetForegroundWindow () returned 0x10080 [0242.188] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0242.188] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0242.188] CoTaskMemFree (pv=0x1c07c5c0) [0242.362] GetForegroundWindow () returned 0x10080 [0242.362] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0242.362] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0242.362] CoTaskMemFree (pv=0x1c07c3b0) [0242.363] GetForegroundWindow () returned 0x10080 [0242.364] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0242.364] EnumProcesses (in: lpidProcess=0x27c4240, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c4240, lpcbNeeded=0x1c36f3d0) returned 1 [0242.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0242.370] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.370] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0242.370] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0242.370] CoTaskMemFree (pv=0x1c07b960) [0242.545] GetForegroundWindow () returned 0x100d4 [0242.548] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0242.548] EnumProcesses (in: lpidProcess=0x27e3138, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e3138, lpcbNeeded=0x1c36f3e0) returned 1 [0242.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0242.553] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0242.553] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0242.553] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0242.553] CoTaskMemFree (pv=0x1c07cbf0) [0242.555] GetForegroundWindow () returned 0x10080 [0242.555] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0242.555] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0242.555] CoTaskMemFree (pv=0x1c07c5c0) [0242.686] GetForegroundWindow () returned 0x10080 [0242.686] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0242.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0242.686] CoTaskMemFree (pv=0x1c07c3b0) [0242.688] GetForegroundWindow () returned 0x10080 [0242.688] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0242.688] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0242.688] CoTaskMemFree (pv=0x1c07cbf0) [0242.826] GetForegroundWindow () returned 0x10080 [0242.826] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0242.826] EnumProcesses (in: lpidProcess=0x283e228, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283e228, lpcbNeeded=0x1c36f3e0) returned 1 [0242.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0242.830] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0242.831] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0242.831] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0242.831] CoTaskMemFree (pv=0x1c07b960) [0242.832] GetForegroundWindow () returned 0x100d4 [0242.832] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0242.832] EnumProcesses (in: lpidProcess=0x285c348, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x285c348, lpcbNeeded=0x1c36f3d0) returned 1 [0242.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0242.836] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0242.836] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0242.836] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b330, nMaxCount=256 | out: lpString="FolderView") returned 10 [0242.836] CoTaskMemFree (pv=0x1c07b330) [0243.011] GetForegroundWindow () returned 0x10080 [0243.011] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0243.011] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0243.011] CoTaskMemFree (pv=0x1c07b960) [0243.012] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x16f3f)) returned 1 [0243.013] GetForegroundWindow () returned 0x10080 [0243.013] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0243.013] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0243.013] CoTaskMemFree (pv=0x1c07bd80) [0243.289] GetForegroundWindow () returned 0x10080 [0243.289] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0243.289] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0243.289] CoTaskMemFree (pv=0x1c07c9e0) [0243.291] GetForegroundWindow () returned 0x10080 [0243.291] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0243.291] EnumProcesses (in: lpidProcess=0x27c4150, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c4150, lpcbNeeded=0x1c36f3d0) returned 1 [0243.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0243.303] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0243.303] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0243.304] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0243.304] CoTaskMemFree (pv=0x1c07b540) [0243.420] GetForegroundWindow () returned 0x100d4 [0243.420] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0243.420] EnumProcesses (in: lpidProcess=0x27e2f90, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e2f90, lpcbNeeded=0x1c36f3e0) returned 1 [0243.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0243.422] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0243.422] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0243.422] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0243.423] CoTaskMemFree (pv=0x1c07c1a0) [0243.424] GetForegroundWindow () returned 0x10080 [0243.424] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0243.424] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0243.425] CoTaskMemFree (pv=0x1c07ce00) [0243.589] GetForegroundWindow () returned 0x10080 [0243.590] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0243.590] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0243.590] CoTaskMemFree (pv=0x1c07c7d0) [0243.592] GetForegroundWindow () returned 0x10080 [0243.592] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0243.592] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0243.592] CoTaskMemFree (pv=0x1c07bf90) [0243.717] GetForegroundWindow () returned 0x10080 [0243.717] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0243.717] EnumProcesses (in: lpidProcess=0x283dff0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283dff0, lpcbNeeded=0x1c36f3e0) returned 1 [0243.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf968) returned 0x0 [0243.719] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0243.719] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0243.720] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0243.720] CoTaskMemFree (pv=0x1c07bd80) [0243.721] GetForegroundWindow () returned 0x100d4 [0243.722] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0243.722] EnumProcesses (in: lpidProcess=0x285c080, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x285c080, lpcbNeeded=0x1c36f3d0) returned 1 [0243.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf968) returned 0x0 [0243.723] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0243.723] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0243.723] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0243.723] CoTaskMemFree (pv=0x1c07c1a0) [0244.630] GetForegroundWindow () returned 0x10080 [0244.631] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0244.631] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0244.631] CoTaskMemFree (pv=0x1c07c3b0) [0244.632] GetForegroundWindow () returned 0x10080 [0244.632] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0244.632] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0244.633] CoTaskMemFree (pv=0x1c07b540) [0244.748] GetForegroundWindow () returned 0x10080 [0244.748] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0244.748] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0244.748] CoTaskMemFree (pv=0x1c07c7d0) [0244.750] GetForegroundWindow () returned 0x10080 [0244.750] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0244.750] EnumProcesses (in: lpidProcess=0x28b70c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b70c8, lpcbNeeded=0x1c36f3d0) returned 1 [0244.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0244.752] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0244.752] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0244.752] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0244.752] CoTaskMemFree (pv=0x1c07c3b0) [0244.940] GetForegroundWindow () returned 0x100d4 [0244.940] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0244.941] EnumProcesses (in: lpidProcess=0x28d5748, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d5748, lpcbNeeded=0x1c36f3e0) returned 1 [0244.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0244.945] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0244.946] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0244.946] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0244.946] CoTaskMemFree (pv=0x1c07bd80) [0244.947] GetForegroundWindow () returned 0x10080 [0244.947] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0244.948] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0244.948] CoTaskMemFree (pv=0x1c07b120) [0245.144] GetForegroundWindow () returned 0x10080 [0245.144] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0245.145] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0245.145] CoTaskMemFree (pv=0x1c07c3b0) [0245.148] GetForegroundWindow () returned 0x10080 [0245.148] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0245.148] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0245.148] CoTaskMemFree (pv=0x1c07ce00) [0245.284] GetForegroundWindow () returned 0x10080 [0245.284] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0245.284] EnumProcesses (in: lpidProcess=0x2930798, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2930798, lpcbNeeded=0x1c36f3e0) returned 1 [0245.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12881078, ResultLength=0x1c36f380*=0xf8c8) returned 0x0 [0245.286] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.286] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0245.287] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0245.287] CoTaskMemFree (pv=0x1c07bf90) [0245.288] GetForegroundWindow () returned 0x100d4 [0245.288] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0245.289] EnumProcesses (in: lpidProcess=0x294e708, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x294e708, lpcbNeeded=0x1c36f3d0) returned 1 [0245.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf8c8) returned 0x0 [0245.291] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.291] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0245.291] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b960, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.291] CoTaskMemFree (pv=0x1c07b960) [0245.408] GetForegroundWindow () returned 0x10080 [0245.408] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0245.408] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0245.408] CoTaskMemFree (pv=0x1c07c3b0) [0245.410] GetForegroundWindow () returned 0x10080 [0245.410] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0245.410] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0245.410] CoTaskMemFree (pv=0x1c07bb70) [0245.549] GetForegroundWindow () returned 0x10080 [0245.549] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0245.550] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0245.550] CoTaskMemFree (pv=0x1c07b330) [0245.551] GetForegroundWindow () returned 0x10080 [0245.551] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0245.551] EnumProcesses (in: lpidProcess=0x27c1610, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c1610, lpcbNeeded=0x1c36f3d0) returned 1 [0245.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf8c8) returned 0x0 [0245.555] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.555] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0245.555] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0245.555] CoTaskMemFree (pv=0x1c07bd80) [0245.676] GetForegroundWindow () returned 0x100d4 [0245.676] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0245.676] EnumProcesses (in: lpidProcess=0x27e0470, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e0470, lpcbNeeded=0x1c36f3e0) returned 1 [0245.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf968) returned 0x0 [0245.680] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.680] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0245.680] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.680] CoTaskMemFree (pv=0x1c07c9e0) [0245.681] GetForegroundWindow () returned 0x10080 [0245.681] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0245.681] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0245.682] CoTaskMemFree (pv=0x1c07b540) [0245.814] GetForegroundWindow () returned 0x10080 [0245.814] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0245.814] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0245.815] CoTaskMemFree (pv=0x1c07b120) [0245.816] GetForegroundWindow () returned 0x10080 [0245.816] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0245.816] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0245.816] CoTaskMemFree (pv=0x1c07c7d0) [0245.939] GetForegroundWindow () returned 0x10080 [0245.939] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0245.939] EnumProcesses (in: lpidProcess=0x283b5f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283b5f0, lpcbNeeded=0x1c36f3e0) returned 1 [0245.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xfa08) returned 0x0 [0245.944] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0245.944] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0245.944] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0245.945] CoTaskMemFree (pv=0x1c07c3b0) [0245.946] GetForegroundWindow () returned 0x100d4 [0245.946] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0245.946] EnumProcesses (in: lpidProcess=0x28597a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28597a0, lpcbNeeded=0x1c36f3d0) returned 1 [0245.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xfa08) returned 0x0 [0245.951] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0245.951] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0245.951] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b120, nMaxCount=256 | out: lpString="FolderView") returned 10 [0245.951] CoTaskMemFree (pv=0x1c07b120) [0246.080] GetForegroundWindow () returned 0x10080 [0246.080] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0246.080] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0246.080] CoTaskMemFree (pv=0x1c07c3b0) [0246.082] GetForegroundWindow () returned 0x10080 [0246.082] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0246.082] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0246.082] CoTaskMemFree (pv=0x1c07b540) [0246.220] GetForegroundWindow () returned 0x10080 [0246.220] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0246.220] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0246.221] CoTaskMemFree (pv=0x1c07cbf0) [0246.222] GetForegroundWindow () returned 0x10080 [0246.222] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0246.222] EnumProcesses (in: lpidProcess=0x27c4140, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c4140, lpcbNeeded=0x1c36f3d0) returned 1 [0246.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0246.224] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.225] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0246.225] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0246.225] CoTaskMemFree (pv=0x1c07c9e0) [0246.345] GetForegroundWindow () returned 0x100d4 [0246.345] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0246.345] EnumProcesses (in: lpidProcess=0x27e2ec0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e2ec0, lpcbNeeded=0x1c36f3e0) returned 1 [0246.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0246.348] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.348] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0246.348] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b330, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.348] CoTaskMemFree (pv=0x1c07b330) [0246.349] GetForegroundWindow () returned 0x10080 [0246.350] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0246.350] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0246.350] CoTaskMemFree (pv=0x1c07cbf0) [0246.470] GetForegroundWindow () returned 0x10080 [0246.470] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0246.470] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0246.471] CoTaskMemFree (pv=0x1c07b960) [0246.472] GetForegroundWindow () returned 0x10080 [0246.472] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0246.472] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0246.473] CoTaskMemFree (pv=0x1c07c7d0) [0246.596] GetForegroundWindow () returned 0x10080 [0246.596] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0246.597] EnumProcesses (in: lpidProcess=0x283ddd0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283ddd0, lpcbNeeded=0x1c36f3e0) returned 1 [0246.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0246.612] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.612] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0246.612] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0246.612] CoTaskMemFree (pv=0x1c07cbf0) [0246.615] GetForegroundWindow () returned 0x100d4 [0246.615] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0246.615] EnumProcesses (in: lpidProcess=0x285be50, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x285be50, lpcbNeeded=0x1c36f3d0) returned 1 [0246.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0246.617] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.617] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0246.617] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.617] CoTaskMemFree (pv=0x1c07c3b0) [0246.672] GetForegroundWindow () returned 0x10080 [0246.672] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0246.672] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0246.672] CoTaskMemFree (pv=0x1c07c1a0) [0246.674] GetForegroundWindow () returned 0x10080 [0246.674] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0246.674] EnumProcesses (in: lpidProcess=0x287a208, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287a208, lpcbNeeded=0x1c36f3d0) returned 1 [0246.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0246.675] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.675] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0246.676] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0246.676] CoTaskMemFree (pv=0x1c07c9e0) [0246.789] GetForegroundWindow () returned 0x10080 [0246.790] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0246.790] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0246.790] CoTaskMemFree (pv=0x1c07c5c0) [0246.791] GetForegroundWindow () returned 0x10080 [0246.791] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0246.792] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0246.792] CoTaskMemFree (pv=0x1c07bd80) [0246.915] GetForegroundWindow () returned 0x100d4 [0246.915] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0246.915] EnumProcesses (in: lpidProcess=0x28b7088, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28b7088, lpcbNeeded=0x1c36f3e0) returned 1 [0246.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0246.918] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0246.918] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0246.918] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0246.918] CoTaskMemFree (pv=0x1c07c7d0) [0246.920] GetForegroundWindow () returned 0x10080 [0246.920] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0246.920] EnumProcesses (in: lpidProcess=0x28d5118, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28d5118, lpcbNeeded=0x1c36f3d0) returned 1 [0246.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0246.921] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0246.922] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0246.922] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0246.922] CoTaskMemFree (pv=0x1c07b960) [0247.072] GetForegroundWindow () returned 0x10080 [0247.072] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0247.072] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0247.072] CoTaskMemFree (pv=0x1c07bf90) [0247.074] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x16f3f)) returned 1 [0247.075] GetForegroundWindow () returned 0x10080 [0247.075] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0247.075] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0247.075] CoTaskMemFree (pv=0x1c07bb70) [0247.196] GetForegroundWindow () returned 0x10080 [0247.196] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0247.196] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0247.197] CoTaskMemFree (pv=0x1c07bb70) [0247.198] GetForegroundWindow () returned 0x100d4 [0247.198] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0247.198] EnumProcesses (in: lpidProcess=0x2912280, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2912280, lpcbNeeded=0x1c36f3d0) returned 1 [0247.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0247.206] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.206] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0247.206] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b960, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.206] CoTaskMemFree (pv=0x1c07b960) [0247.337] GetForegroundWindow () returned 0x10080 [0247.337] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0247.337] EnumProcesses (in: lpidProcess=0x296c420, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x296c420, lpcbNeeded=0x1c36f3e0) returned 1 [0247.338] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0247.340] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.340] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0247.340] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0247.340] CoTaskMemFree (pv=0x1c07b120) [0247.342] GetForegroundWindow () returned 0x10080 [0247.342] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0247.342] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0247.342] CoTaskMemFree (pv=0x1c07bb70) [0247.462] GetForegroundWindow () returned 0x10080 [0247.462] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0247.462] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0247.462] CoTaskMemFree (pv=0x1c07c7d0) [0247.464] GetForegroundWindow () returned 0x10080 [0247.464] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0247.464] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0247.464] CoTaskMemFree (pv=0x1c07bf90) [0247.602] GetForegroundWindow () returned 0x100d4 [0247.603] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0247.603] EnumProcesses (in: lpidProcess=0x27c1798, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1798, lpcbNeeded=0x1c36f3e0) returned 1 [0247.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0247.608] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.608] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0247.608] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b960, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.608] CoTaskMemFree (pv=0x1c07b960) [0247.610] GetForegroundWindow () returned 0x10080 [0247.610] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0247.610] EnumProcesses (in: lpidProcess=0x27e0118, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e0118, lpcbNeeded=0x1c36f3d0) returned 1 [0247.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0247.615] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.615] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0247.615] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0247.616] CoTaskMemFree (pv=0x1c07b960) [0247.665] GetForegroundWindow () returned 0x10080 [0247.665] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0247.665] EnumProcesses (in: lpidProcess=0x27fe210, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fe210, lpcbNeeded=0x1c36f3e0) returned 1 [0247.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0247.670] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0247.670] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0247.670] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0247.670] CoTaskMemFree (pv=0x1c07b960) [0247.672] GetForegroundWindow () returned 0x10080 [0247.672] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0247.672] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0247.672] CoTaskMemFree (pv=0x1c07c3b0) [0247.790] GetForegroundWindow () returned 0x10080 [0247.790] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0247.790] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0247.790] CoTaskMemFree (pv=0x1c07cbf0) [0247.792] GetForegroundWindow () returned 0x100d4 [0247.792] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0247.792] EnumProcesses (in: lpidProcess=0x281cd50, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281cd50, lpcbNeeded=0x1c36f3d0) returned 1 [0247.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0247.798] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0247.798] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0247.798] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0247.798] CoTaskMemFree (pv=0x1c07cbf0) [0247.915] GetForegroundWindow () returned 0x10080 [0247.915] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0247.915] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0247.915] CoTaskMemFree (pv=0x1c07bd80) [0247.917] GetForegroundWindow () returned 0x10080 [0247.917] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0247.917] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0247.917] CoTaskMemFree (pv=0x1c07ce00) [0248.044] GetForegroundWindow () returned 0x10080 [0248.045] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0248.045] EnumProcesses (in: lpidProcess=0x28779b0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28779b0, lpcbNeeded=0x1c36f3e0) returned 1 [0248.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0248.049] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.049] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0248.049] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0248.049] CoTaskMemFree (pv=0x1c07cbf0) [0248.050] GetForegroundWindow () returned 0x10080 [0248.050] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0248.050] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0248.050] CoTaskMemFree (pv=0x1c07bf90) [0248.165] GetForegroundWindow () returned 0x100d4 [0248.165] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0248.165] EnumProcesses (in: lpidProcess=0x2896240, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2896240, lpcbNeeded=0x1c36f3e0) returned 1 [0248.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0248.206] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.206] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.206] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b960, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.207] CoTaskMemFree (pv=0x1c07b960) [0248.209] GetForegroundWindow () returned 0x10080 [0248.209] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.209] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.209] CoTaskMemFree (pv=0x1c07b960) [0248.353] GetForegroundWindow () returned 0x10080 [0248.353] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0248.353] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0248.353] CoTaskMemFree (pv=0x1c07b540) [0248.354] GetForegroundWindow () returned 0x10080 [0248.354] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0248.355] EnumProcesses (in: lpidProcess=0x2800c10, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2800c10, lpcbNeeded=0x1c36f3d0) returned 1 [0248.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0248.357] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.357] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0248.357] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0248.357] CoTaskMemFree (pv=0x1c07c7d0) [0248.478] GetForegroundWindow () returned 0x10080 [0248.478] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0248.478] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0248.479] CoTaskMemFree (pv=0x1c07c1a0) [0248.480] GetForegroundWindow () returned 0x100d4 [0248.481] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0248.481] EnumProcesses (in: lpidProcess=0x281f4a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281f4a0, lpcbNeeded=0x1c36f3d0) returned 1 [0248.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf9b8) returned 0x0 [0248.483] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.483] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0248.484] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.484] CoTaskMemFree (pv=0x1c07bb70) [0248.602] GetForegroundWindow () returned 0x10080 [0248.602] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.602] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.603] CoTaskMemFree (pv=0x1c07b960) [0248.604] GetForegroundWindow () returned 0x10080 [0248.604] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0248.604] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0248.604] CoTaskMemFree (pv=0x1c07c5c0) [0248.727] GetForegroundWindow () returned 0x10080 [0248.727] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0248.728] EnumProcesses (in: lpidProcess=0x287a178, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x287a178, lpcbNeeded=0x1c36f3e0) returned 1 [0248.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0248.730] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.730] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0248.730] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0248.730] CoTaskMemFree (pv=0x1c07ce00) [0248.732] GetForegroundWindow () returned 0x10080 [0248.732] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0248.732] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0248.732] CoTaskMemFree (pv=0x1c07bb70) [0248.852] GetForegroundWindow () returned 0x100d4 [0248.852] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0248.852] EnumProcesses (in: lpidProcess=0x2898a08, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2898a08, lpcbNeeded=0x1c36f3e0) returned 1 [0248.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xf9b8) returned 0x0 [0248.854] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0248.854] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0248.854] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b120, nMaxCount=256 | out: lpString="FolderView") returned 10 [0248.854] CoTaskMemFree (pv=0x1c07b120) [0248.856] GetForegroundWindow () returned 0x10080 [0248.856] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.856] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.856] CoTaskMemFree (pv=0x1c07b960) [0248.993] GetForegroundWindow () returned 0x10080 [0248.993] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0248.993] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0248.993] CoTaskMemFree (pv=0x1c07c1a0) [0248.995] GetForegroundWindow () returned 0x10080 [0248.995] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0248.995] EnumProcesses (in: lpidProcess=0x28f3108, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28f3108, lpcbNeeded=0x1c36f3d0) returned 1 [0248.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12841018, ResultLength=0x1c36f370*=0xf918) returned 0x0 [0248.997] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0248.997] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0248.997] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0248.997] CoTaskMemFree (pv=0x1c07b960) [0249.087] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x16f3f)) returned 1 [0249.181] GetForegroundWindow () returned 0x10080 [0249.181] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0249.181] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0249.181] CoTaskMemFree (pv=0x1c07b330) [0249.182] GetForegroundWindow () returned 0x100d4 [0249.182] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0249.182] EnumProcesses (in: lpidProcess=0x2911e20, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2911e20, lpcbNeeded=0x1c36f3d0) returned 1 [0249.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf918) returned 0x0 [0249.191] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.191] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0249.191] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.191] CoTaskMemFree (pv=0x1c07ce00) [0249.305] GetForegroundWindow () returned 0x10080 [0249.306] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0249.306] EnumProcesses (in: lpidProcess=0x296bb40, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x296bb40, lpcbNeeded=0x1c36f3e0) returned 1 [0249.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xf8c8) returned 0x0 [0249.308] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0249.308] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0249.308] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0249.309] CoTaskMemFree (pv=0x1c07b330) [0249.310] GetForegroundWindow () returned 0x10080 [0249.310] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0249.310] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0249.310] CoTaskMemFree (pv=0x1c07b330) [0249.443] GetForegroundWindow () returned 0x10080 [0249.443] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0249.443] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0249.443] CoTaskMemFree (pv=0x1c07ce00) [0249.445] GetForegroundWindow () returned 0x10080 [0249.445] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0249.445] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0249.445] CoTaskMemFree (pv=0x1c07b960) [0249.614] GetForegroundWindow () returned 0x100d4 [0249.614] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0249.615] EnumProcesses (in: lpidProcess=0x27c0db8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c0db8, lpcbNeeded=0x1c36f3e0) returned 1 [0249.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf8c8) returned 0x0 [0249.618] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.618] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0249.618] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.618] CoTaskMemFree (pv=0x1c07bd80) [0249.620] GetForegroundWindow () returned 0x10080 [0249.620] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0249.620] EnumProcesses (in: lpidProcess=0x27df448, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27df448, lpcbNeeded=0x1c36f3d0) returned 1 [0249.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xf8c8) returned 0x0 [0249.623] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0249.623] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0249.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0249.623] CoTaskMemFree (pv=0x1c07c9e0) [0249.743] GetForegroundWindow () returned 0x10080 [0249.743] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0249.743] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0249.743] CoTaskMemFree (pv=0x1c07bb70) [0249.744] GetForegroundWindow () returned 0x10080 [0249.744] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0249.744] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0249.744] CoTaskMemFree (pv=0x1c07bb70) [0249.868] GetForegroundWindow () returned 0x10080 [0249.868] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0249.868] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0249.868] CoTaskMemFree (pv=0x1c07b330) [0249.869] GetForegroundWindow () returned 0x100d4 [0249.869] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0249.869] EnumProcesses (in: lpidProcess=0x281c8f8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281c8f8, lpcbNeeded=0x1c36f3d0) returned 1 [0249.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf8c8) returned 0x0 [0249.874] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0249.875] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0249.875] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0249.875] CoTaskMemFree (pv=0x1c07c1a0) [0250.035] GetForegroundWindow () returned 0x10080 [0250.035] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0250.035] EnumProcesses (in: lpidProcess=0x2876468, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2876468, lpcbNeeded=0x1c36f3e0) returned 1 [0250.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf878) returned 0x0 [0250.042] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0250.042] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0250.042] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0250.042] CoTaskMemFree (pv=0x1c07c1a0) [0250.044] GetForegroundWindow () returned 0x10080 [0250.044] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0250.044] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0250.045] CoTaskMemFree (pv=0x1c07cbf0) [0250.357] GetForegroundWindow () returned 0x10080 [0250.357] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0250.357] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0250.358] CoTaskMemFree (pv=0x1c07b540) [0250.359] GetForegroundWindow () returned 0x10080 [0250.359] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0250.359] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0250.360] CoTaskMemFree (pv=0x1c07bf90) [0250.545] GetForegroundWindow () returned 0x100d4 [0250.545] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0250.545] EnumProcesses (in: lpidProcess=0x27c3730, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c3730, lpcbNeeded=0x1c36f3e0) returned 1 [0250.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf878) returned 0x0 [0250.547] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0250.547] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0250.547] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0250.547] CoTaskMemFree (pv=0x1c07cbf0) [0250.549] GetForegroundWindow () returned 0x10080 [0250.549] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0250.549] EnumProcesses (in: lpidProcess=0x27e1d18, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e1d18, lpcbNeeded=0x1c36f3d0) returned 1 [0250.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xf878) returned 0x0 [0250.550] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0250.551] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0250.551] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0250.551] CoTaskMemFree (pv=0x1c07bf90) [0250.671] GetForegroundWindow () returned 0x10080 [0250.671] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0250.671] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0250.671] CoTaskMemFree (pv=0x1c07b960) [0250.673] GetForegroundWindow () returned 0x10080 [0250.673] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0250.673] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0250.673] CoTaskMemFree (pv=0x1c07c1a0) [0250.747] GetForegroundWindow () returned 0x10080 [0250.747] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0250.747] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0250.747] CoTaskMemFree (pv=0x1c07c3b0) [0250.749] GetForegroundWindow () returned 0x100d4 [0250.749] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0250.749] EnumProcesses (in: lpidProcess=0x281e620, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281e620, lpcbNeeded=0x1c36f3d0) returned 1 [0250.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf828) returned 0x0 [0250.751] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0250.751] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0250.751] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0250.751] CoTaskMemFree (pv=0x1c07bd80) [0250.887] GetForegroundWindow () returned 0x10080 [0250.887] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0250.888] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0250.888] CoTaskMemFree (pv=0x1c07c1a0) [0250.889] GetForegroundWindow () returned 0x10080 [0250.889] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0250.889] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0250.890] CoTaskMemFree (pv=0x1c07b330) [0251.012] GetForegroundWindow () returned 0x10080 [0251.012] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0251.013] EnumProcesses (in: lpidProcess=0x2878a10, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2878a10, lpcbNeeded=0x1c36f3e0) returned 1 [0251.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf828) returned 0x0 [0251.014] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.014] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0251.014] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0251.015] CoTaskMemFree (pv=0x1c07c5c0) [0251.016] GetForegroundWindow () returned 0x10080 [0251.016] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0251.016] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0251.016] CoTaskMemFree (pv=0x1c07b120) [0251.107] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x19536)) returned 1 [0251.200] GetForegroundWindow () returned 0x100d4 [0251.200] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0251.200] EnumProcesses (in: lpidProcess=0x28b5088, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28b5088, lpcbNeeded=0x1c36f3e0) returned 1 [0251.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf828) returned 0x0 [0251.208] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.210] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0251.210] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.210] CoTaskMemFree (pv=0x1c07c7d0) [0251.212] GetForegroundWindow () returned 0x10080 [0251.212] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0251.212] EnumProcesses (in: lpidProcess=0x28d2e48, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28d2e48, lpcbNeeded=0x1c36f3d0) returned 1 [0251.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f370*=0xf828) returned 0x0 [0251.213] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.213] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0251.213] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0251.213] CoTaskMemFree (pv=0x1c07bf90) [0251.357] GetForegroundWindow () returned 0x10080 [0251.357] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0251.357] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0251.357] CoTaskMemFree (pv=0x1c07b330) [0251.359] GetForegroundWindow () returned 0x10080 [0251.359] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0251.359] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0251.359] CoTaskMemFree (pv=0x1c07b960) [0251.481] GetForegroundWindow () returned 0x10080 [0251.481] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0251.481] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0251.482] CoTaskMemFree (pv=0x1c07c9e0) [0251.484] GetForegroundWindow () returned 0x100d4 [0251.484] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0251.484] EnumProcesses (in: lpidProcess=0x290f9c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x290f9c8, lpcbNeeded=0x1c36f3d0) returned 1 [0251.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf7d8) returned 0x0 [0251.486] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.486] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0251.486] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.486] CoTaskMemFree (pv=0x1c07ce00) [0251.606] GetForegroundWindow () returned 0x10080 [0251.606] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0251.606] EnumProcesses (in: lpidProcess=0x2969028, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2969028, lpcbNeeded=0x1c36f3e0) returned 1 [0251.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xf788) returned 0x0 [0251.608] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.608] CoTaskMemAlloc (cb=0x204) returned 0x1c07c9e0 [0251.608] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c9e0, nMaxCount=256 | out: lpString="") returned 0 [0251.609] CoTaskMemFree (pv=0x1c07c9e0) [0251.610] GetForegroundWindow () returned 0x10080 [0251.610] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0251.610] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0251.610] CoTaskMemFree (pv=0x1c07c5c0) [0251.794] GetForegroundWindow () returned 0x10080 [0251.794] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0251.794] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0251.794] CoTaskMemFree (pv=0x1c07b960) [0251.796] GetForegroundWindow () returned 0x10080 [0251.796] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0251.796] EnumProcesses (in: lpidProcess=0x29a5740, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29a5740, lpcbNeeded=0x1c36f3d0) returned 1 [0251.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf788) returned 0x0 [0251.815] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0251.815] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0251.815] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0251.815] CoTaskMemFree (pv=0x1c07c3b0) [0251.934] GetForegroundWindow () returned 0x100d4 [0251.935] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0251.935] EnumProcesses (in: lpidProcess=0x27d2d78, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27d2d78, lpcbNeeded=0x1c36f3e0) returned 1 [0251.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf788) returned 0x0 [0251.940] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0251.940] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0251.940] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0251.941] CoTaskMemFree (pv=0x1c07cbf0) [0251.942] GetForegroundWindow () returned 0x10080 [0251.942] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0251.942] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0251.942] CoTaskMemFree (pv=0x1c07b540) [0252.153] GetForegroundWindow () returned 0x10080 [0252.153] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0252.153] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0252.153] CoTaskMemFree (pv=0x1c07c1a0) [0252.155] GetForegroundWindow () returned 0x10080 [0252.155] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0252.155] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0252.155] CoTaskMemFree (pv=0x1c07b540) [0252.313] GetForegroundWindow () returned 0x10080 [0252.313] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0252.313] EnumProcesses (in: lpidProcess=0x282d0b8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x282d0b8, lpcbNeeded=0x1c36f3e0) returned 1 [0252.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xf788) returned 0x0 [0252.321] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.322] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0252.322] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0252.322] CoTaskMemFree (pv=0x1c07c5c0) [0252.323] GetForegroundWindow () returned 0x100d4 [0252.324] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0252.324] EnumProcesses (in: lpidProcess=0x284ad48, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x284ad48, lpcbNeeded=0x1c36f3d0) returned 1 [0252.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf788) returned 0x0 [0252.329] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.329] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0252.329] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.329] CoTaskMemFree (pv=0x1c07bf90) [0252.450] GetForegroundWindow () returned 0x10080 [0252.450] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0252.450] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0252.450] CoTaskMemFree (pv=0x1c07b960) [0252.451] GetForegroundWindow () returned 0x10080 [0252.452] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0252.452] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0252.452] CoTaskMemFree (pv=0x1c07c1a0) [0252.591] GetForegroundWindow () returned 0x10080 [0252.591] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0252.591] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0252.591] CoTaskMemFree (pv=0x1c07cbf0) [0252.593] GetForegroundWindow () returned 0x10080 [0252.593] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0252.593] EnumProcesses (in: lpidProcess=0x27c29d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c29d8, lpcbNeeded=0x1c36f3d0) returned 1 [0252.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf788) returned 0x0 [0252.595] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.595] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0252.595] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0252.596] CoTaskMemFree (pv=0x1c07bf90) [0252.718] GetForegroundWindow () returned 0x100d4 [0252.718] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0252.718] EnumProcesses (in: lpidProcess=0x27e13e0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e13e0, lpcbNeeded=0x1c36f3e0) returned 1 [0252.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf788) returned 0x0 [0252.720] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.720] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0252.720] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.720] CoTaskMemFree (pv=0x1c07bf90) [0252.721] GetForegroundWindow () returned 0x10080 [0252.721] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0252.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0252.721] CoTaskMemFree (pv=0x1c07c3b0) [0252.841] GetForegroundWindow () returned 0x10080 [0252.841] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0252.841] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0252.841] CoTaskMemFree (pv=0x1c07b330) [0252.842] GetForegroundWindow () returned 0x10080 [0252.842] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0252.842] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0252.842] CoTaskMemFree (pv=0x1c07c7d0) [0252.980] GetForegroundWindow () returned 0x10080 [0252.980] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0252.981] EnumProcesses (in: lpidProcess=0x283b600, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283b600, lpcbNeeded=0x1c36f3e0) returned 1 [0252.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0252.982] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0252.982] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0252.982] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0252.983] CoTaskMemFree (pv=0x1c07b120) [0252.984] GetForegroundWindow () returned 0x100d4 [0252.985] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0252.985] EnumProcesses (in: lpidProcess=0x2859170, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2859170, lpcbNeeded=0x1c36f3d0) returned 1 [0252.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0252.986] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0252.989] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0252.989] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b540, nMaxCount=256 | out: lpString="FolderView") returned 10 [0252.989] CoTaskMemFree (pv=0x1c07b540) [0253.116] GetForegroundWindow () returned 0x10080 [0253.116] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.116] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0253.116] CoTaskMemFree (pv=0x1c07cbf0) [0253.118] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x195f1)) returned 1 [0253.118] GetForegroundWindow () returned 0x10080 [0253.118] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0253.118] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0253.119] CoTaskMemFree (pv=0x1c07bb70) [0253.234] GetForegroundWindow () returned 0x10080 [0253.234] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0253.235] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0253.235] CoTaskMemFree (pv=0x1c07bf90) [0253.236] GetForegroundWindow () returned 0x10080 [0253.236] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0253.236] EnumProcesses (in: lpidProcess=0x28b3198, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b3198, lpcbNeeded=0x1c36f3d0) returned 1 [0253.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0253.246] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.246] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0253.246] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0253.246] CoTaskMemFree (pv=0x1c07ce00) [0253.362] GetForegroundWindow () returned 0x100d4 [0253.363] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0253.363] EnumProcesses (in: lpidProcess=0x28d1268, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d1268, lpcbNeeded=0x1c36f3e0) returned 1 [0253.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0253.364] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0253.364] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0253.364] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07b120, nMaxCount=256 | out: lpString="FolderView") returned 10 [0253.364] CoTaskMemFree (pv=0x1c07b120) [0253.365] GetForegroundWindow () returned 0x10080 [0253.365] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0253.365] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0253.366] CoTaskMemFree (pv=0x1c07ce00) [0253.497] GetForegroundWindow () returned 0x10080 [0253.497] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0253.497] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0253.497] CoTaskMemFree (pv=0x1c07c5c0) [0253.498] GetForegroundWindow () returned 0x10080 [0253.498] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0253.498] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0253.498] CoTaskMemFree (pv=0x1c07bd80) [0253.622] GetForegroundWindow () returned 0x10080 [0253.622] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0253.622] EnumProcesses (in: lpidProcess=0x292b248, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x292b248, lpcbNeeded=0x1c36f3e0) returned 1 [0253.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12881078, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0253.624] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.624] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0253.624] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0253.624] CoTaskMemFree (pv=0x1c07bb70) [0253.626] GetForegroundWindow () returned 0x100d4 [0253.626] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0253.626] EnumProcesses (in: lpidProcess=0x2948db8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2948db8, lpcbNeeded=0x1c36f3d0) returned 1 [0253.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0253.627] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0253.628] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.628] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0253.628] CoTaskMemFree (pv=0x1c07cbf0) [0253.809] GetForegroundWindow () returned 0x10080 [0253.809] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0253.809] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0253.810] CoTaskMemFree (pv=0x1c07cbf0) [0253.810] GetForegroundWindow () returned 0x10080 [0253.810] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0253.811] EnumProcesses (in: lpidProcess=0x29a28b0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29a28b0, lpcbNeeded=0x1c36f3d0) returned 1 [0253.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0253.831] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0253.831] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0253.831] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0253.832] CoTaskMemFree (pv=0x1c0893a0) [0253.950] GetForegroundWindow () returned 0x10080 [0253.950] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0253.950] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0253.951] CoTaskMemFree (pv=0x1c08aa50) [0253.952] GetForegroundWindow () returned 0x10080 [0253.952] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0253.952] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0253.952] CoTaskMemFree (pv=0x1c088f80) [0254.122] GetForegroundWindow () returned 0x100d4 [0254.122] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0254.122] EnumProcesses (in: lpidProcess=0x27d14c0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27d14c0, lpcbNeeded=0x1c36f3e0) returned 1 [0254.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0254.127] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0254.127] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0254.127] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.127] CoTaskMemFree (pv=0x1c0893a0) [0254.128] GetForegroundWindow () returned 0x10080 [0254.129] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0254.129] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0254.129] CoTaskMemFree (pv=0x1c0895b0) [0254.247] GetForegroundWindow () returned 0x10080 [0254.247] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0254.247] EnumProcesses (in: lpidProcess=0x27ef860, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ef860, lpcbNeeded=0x1c36f3e0) returned 1 [0254.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0254.252] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0254.252] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0254.252] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0254.252] CoTaskMemFree (pv=0x1c0895b0) [0254.254] GetForegroundWindow () returned 0x10080 [0254.254] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0254.254] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0254.254] CoTaskMemFree (pv=0x1c089df0) [0254.372] GetForegroundWindow () returned 0x10080 [0254.372] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0254.372] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0254.372] CoTaskMemFree (pv=0x1c0895b0) [0254.374] GetForegroundWindow () returned 0x100d4 [0254.374] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0254.374] EnumProcesses (in: lpidProcess=0x280de90, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x280de90, lpcbNeeded=0x1c36f3d0) returned 1 [0254.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0254.379] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0254.379] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0254.379] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.379] CoTaskMemFree (pv=0x1c0899d0) [0254.497] GetForegroundWindow () returned 0x10080 [0254.497] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0254.497] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0254.497] CoTaskMemFree (pv=0x1c08a420) [0254.499] GetForegroundWindow () returned 0x10080 [0254.499] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0254.499] EnumProcesses (in: lpidProcess=0x282c230, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x282c230, lpcbNeeded=0x1c36f3d0) returned 1 [0254.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0254.503] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0254.504] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0254.504] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0254.504] CoTaskMemFree (pv=0x1c089190) [0254.622] GetForegroundWindow () returned 0x10080 [0254.622] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0254.622] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0254.622] CoTaskMemFree (pv=0x1c08ac60) [0254.623] GetForegroundWindow () returned 0x10080 [0254.623] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0254.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0254.624] CoTaskMemFree (pv=0x1c08a210) [0254.748] GetForegroundWindow () returned 0x100d4 [0254.748] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0254.748] EnumProcesses (in: lpidProcess=0x284ae38, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x284ae38, lpcbNeeded=0x1c36f3e0) returned 1 [0254.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0254.753] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0254.753] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0254.753] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0254.754] CoTaskMemFree (pv=0x1c08aa50) [0254.754] GetForegroundWindow () returned 0x10080 [0254.754] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0254.754] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0254.755] CoTaskMemFree (pv=0x1c08ac60) [0254.872] GetForegroundWindow () returned 0x10080 [0254.872] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0254.872] EnumProcesses (in: lpidProcess=0x28691d8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28691d8, lpcbNeeded=0x1c36f3e0) returned 1 [0254.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0254.877] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0254.877] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0254.877] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0254.877] CoTaskMemFree (pv=0x1c08aa50) [0254.879] GetForegroundWindow () returned 0x10080 [0254.879] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0254.879] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0254.879] CoTaskMemFree (pv=0x1c0893a0) [0254.998] GetForegroundWindow () returned 0x10080 [0254.998] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0254.998] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0254.998] CoTaskMemFree (pv=0x1c08a210) [0254.999] GetForegroundWindow () returned 0x100d4 [0255.000] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0255.000] EnumProcesses (in: lpidProcess=0x2887808, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2887808, lpcbNeeded=0x1c36f3d0) returned 1 [0255.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0255.022] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0255.022] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.022] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0255.022] CoTaskMemFree (pv=0x1c08aa50) [0255.209] GetForegroundWindow () returned 0x10080 [0255.209] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0255.209] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0255.209] CoTaskMemFree (pv=0x1c089be0) [0255.211] GetForegroundWindow () returned 0x10080 [0255.211] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0255.211] EnumProcesses (in: lpidProcess=0x27c2c10, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c2c10, lpcbNeeded=0x1c36f3d0) returned 1 [0255.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf738) returned 0x0 [0255.213] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0255.213] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0255.213] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0255.213] CoTaskMemFree (pv=0x1c089190) [0255.527] GetForegroundWindow () returned 0x10080 [0255.527] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0255.527] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0255.527] CoTaskMemFree (pv=0x1c08a210) [0255.528] GetForegroundWindow () returned 0x10080 [0255.528] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0255.528] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0255.529] CoTaskMemFree (pv=0x1c0893a0) [0255.656] GetForegroundWindow () returned 0x100d4 [0255.656] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0255.657] EnumProcesses (in: lpidProcess=0x27e2250, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e2250, lpcbNeeded=0x1c36f3e0) returned 1 [0255.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf738) returned 0x0 [0255.658] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0255.658] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0255.658] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0255.658] CoTaskMemFree (pv=0x1c08a420) [0255.659] GetForegroundWindow () returned 0x10080 [0255.659] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0255.659] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0255.659] CoTaskMemFree (pv=0x1c08ac60) [0255.767] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0255.861] GetForegroundWindow () returned 0x10080 [0255.861] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.861] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0255.861] CoTaskMemFree (pv=0x1c08aa50) [0255.862] GetForegroundWindow () returned 0x10080 [0255.862] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0255.862] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0255.862] CoTaskMemFree (pv=0x1c08aa50) [0256.000] GetForegroundWindow () returned 0x10080 [0256.000] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0256.000] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0256.001] CoTaskMemFree (pv=0x1c089df0) [0256.002] GetForegroundWindow () returned 0x100d4 [0256.002] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0256.002] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.002] CoTaskMemFree (pv=0x1c089be0) [0256.125] GetForegroundWindow () returned 0x10080 [0256.125] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0256.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0256.126] CoTaskMemFree (pv=0x1c088f80) [0256.127] GetForegroundWindow () returned 0x10080 [0256.127] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0256.127] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0256.127] CoTaskMemFree (pv=0x1c08a210) [0256.252] GetForegroundWindow () returned 0x10080 [0256.252] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0256.252] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0256.252] CoTaskMemFree (pv=0x1c0899d0) [0256.253] GetForegroundWindow () returned 0x10080 [0256.254] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0256.254] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0256.254] CoTaskMemFree (pv=0x1c088f80) [0256.375] GetForegroundWindow () returned 0x100d4 [0256.375] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0256.375] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.376] CoTaskMemFree (pv=0x1c08aa50) [0256.376] GetForegroundWindow () returned 0x10080 [0256.377] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0256.377] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0256.377] CoTaskMemFree (pv=0x1c089be0) [0256.506] GetForegroundWindow () returned 0x10080 [0256.506] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0256.506] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0256.506] CoTaskMemFree (pv=0x1c08a420) [0256.507] GetForegroundWindow () returned 0x10080 [0256.507] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0256.507] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0256.507] CoTaskMemFree (pv=0x1c0899d0) [0256.625] GetForegroundWindow () returned 0x10080 [0256.625] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0256.625] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0256.626] CoTaskMemFree (pv=0x1c08ac60) [0256.627] GetForegroundWindow () returned 0x100d4 [0256.627] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0256.627] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.627] CoTaskMemFree (pv=0x1c089df0) [0256.750] GetForegroundWindow () returned 0x10080 [0256.750] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0256.750] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0256.751] CoTaskMemFree (pv=0x1c089be0) [0256.752] GetForegroundWindow () returned 0x10080 [0256.752] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0256.752] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0256.752] CoTaskMemFree (pv=0x1c088f80) [0256.800] GetForegroundWindow () returned 0x10080 [0256.800] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0256.800] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0256.801] CoTaskMemFree (pv=0x1c089df0) [0256.803] GetForegroundWindow () returned 0x10080 [0256.803] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0256.803] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0256.803] CoTaskMemFree (pv=0x1c08aa50) [0256.923] GetForegroundWindow () returned 0x100d4 [0256.924] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0256.924] EnumProcesses (in: lpidProcess=0x28d58d0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d58d0, lpcbNeeded=0x1c36f3e0) returned 1 [0256.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0256.934] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0256.934] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0256.934] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0256.934] CoTaskMemFree (pv=0x1c08a000) [0256.936] GetForegroundWindow () returned 0x10080 [0256.936] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0256.936] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0256.936] CoTaskMemFree (pv=0x1c08a630) [0257.058] GetForegroundWindow () returned 0x10080 [0257.058] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0257.058] EnumProcesses (in: lpidProcess=0x28f3c70, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28f3c70, lpcbNeeded=0x1c36f3e0) returned 1 [0257.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0257.061] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0257.061] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0257.061] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0257.062] CoTaskMemFree (pv=0x1c08aa50) [0257.064] GetForegroundWindow () returned 0x10080 [0257.064] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0257.064] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0257.064] CoTaskMemFree (pv=0x1c0893a0) [0257.164] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x195f1)) returned 1 [0257.243] GetForegroundWindow () returned 0x10080 [0257.243] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0257.243] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0257.244] CoTaskMemFree (pv=0x1c089df0) [0257.245] GetForegroundWindow () returned 0x100d4 [0257.246] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0257.246] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.246] CoTaskMemFree (pv=0x1c08a210) [0257.386] GetForegroundWindow () returned 0x10080 [0257.386] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0257.386] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0257.386] CoTaskMemFree (pv=0x1c0899d0) [0257.387] GetForegroundWindow () returned 0x10080 [0257.387] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0257.387] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0257.387] CoTaskMemFree (pv=0x1c0899d0) [0257.519] GetForegroundWindow () returned 0x10080 [0257.519] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0257.519] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0257.519] CoTaskMemFree (pv=0x1c08a630) [0257.520] GetForegroundWindow () returned 0x10080 [0257.520] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0257.520] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0257.520] CoTaskMemFree (pv=0x1c0895b0) [0257.649] GetForegroundWindow () returned 0x100d4 [0257.649] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0257.649] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.649] CoTaskMemFree (pv=0x1c08aa50) [0257.650] GetForegroundWindow () returned 0x10080 [0257.650] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0257.650] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0257.650] CoTaskMemFree (pv=0x1c08ac60) [0257.774] GetForegroundWindow () returned 0x10080 [0257.774] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0257.774] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0257.774] CoTaskMemFree (pv=0x1c089190) [0257.775] GetForegroundWindow () returned 0x10080 [0257.775] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0257.775] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0257.776] CoTaskMemFree (pv=0x1c0897c0) [0257.836] GetForegroundWindow () returned 0x10080 [0257.836] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0257.836] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0257.837] CoTaskMemFree (pv=0x1c08a420) [0257.838] GetForegroundWindow () returned 0x100d4 [0257.838] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0257.838] EnumProcesses (in: lpidProcess=0x298bc60, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x298bc60, lpcbNeeded=0x1c36f3d0) returned 1 [0257.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0257.853] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0257.853] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0257.853] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0257.853] CoTaskMemFree (pv=0x1c08aa50) [0257.977] GetForegroundWindow () returned 0x10080 [0257.977] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0257.977] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0257.977] CoTaskMemFree (pv=0x1c08a840) [0257.978] GetForegroundWindow () returned 0x10080 [0257.979] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0257.979] EnumProcesses (in: lpidProcess=0x27c1600, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c1600, lpcbNeeded=0x1c36f3d0) returned 1 [0257.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0257.991] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0257.991] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0257.991] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0257.991] CoTaskMemFree (pv=0x1c08aa50) [0258.117] GetForegroundWindow () returned 0x10080 [0258.117] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0258.118] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0258.118] CoTaskMemFree (pv=0x1c08aa50) [0258.119] GetForegroundWindow () returned 0x10080 [0258.119] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0258.119] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0258.119] CoTaskMemFree (pv=0x1c08a840) [0258.243] GetForegroundWindow () returned 0x100d4 [0258.243] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0258.243] EnumProcesses (in: lpidProcess=0x27e0968, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e0968, lpcbNeeded=0x1c36f3e0) returned 1 [0258.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0258.247] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0258.247] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0258.247] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.247] CoTaskMemFree (pv=0x1c089df0) [0258.248] GetForegroundWindow () returned 0x10080 [0258.249] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0258.249] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0258.249] CoTaskMemFree (pv=0x1c0893a0) [0258.430] GetForegroundWindow () returned 0x10080 [0258.430] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0258.430] EnumProcesses (in: lpidProcess=0x27fed08, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fed08, lpcbNeeded=0x1c36f3e0) returned 1 [0258.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0258.434] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0258.434] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0258.434] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0258.434] CoTaskMemFree (pv=0x1c089df0) [0258.435] GetForegroundWindow () returned 0x10080 [0258.435] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0258.435] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0258.436] CoTaskMemFree (pv=0x1c0893a0) [0258.556] GetForegroundWindow () returned 0x10080 [0258.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0258.556] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0258.556] CoTaskMemFree (pv=0x1c08a840) [0258.557] GetForegroundWindow () returned 0x100d4 [0258.557] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0258.557] EnumProcesses (in: lpidProcess=0x281d338, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281d338, lpcbNeeded=0x1c36f3d0) returned 1 [0258.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0258.564] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0258.564] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0258.564] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.564] CoTaskMemFree (pv=0x1c08a840) [0258.680] GetForegroundWindow () returned 0x10080 [0258.680] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0258.680] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0258.680] CoTaskMemFree (pv=0x1c0893a0) [0258.681] GetForegroundWindow () returned 0x10080 [0258.681] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0258.682] EnumProcesses (in: lpidProcess=0x283b6d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283b6d8, lpcbNeeded=0x1c36f3d0) returned 1 [0258.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0258.685] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0258.686] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0258.686] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0258.686] CoTaskMemFree (pv=0x1c08a210) [0258.807] GetForegroundWindow () returned 0x10080 [0258.807] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0258.807] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0258.807] CoTaskMemFree (pv=0x1c08aa50) [0258.808] GetForegroundWindow () returned 0x10080 [0258.808] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0258.808] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0258.809] CoTaskMemFree (pv=0x1c089be0) [0258.930] GetForegroundWindow () returned 0x100d4 [0258.930] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0258.930] EnumProcesses (in: lpidProcess=0x285a2e0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285a2e0, lpcbNeeded=0x1c36f3e0) returned 1 [0258.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0258.937] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0258.937] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0258.938] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0258.938] CoTaskMemFree (pv=0x1c08aa50) [0258.939] GetForegroundWindow () returned 0x10080 [0258.939] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0258.939] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0258.939] CoTaskMemFree (pv=0x1c0897c0) [0259.055] GetForegroundWindow () returned 0x10080 [0259.055] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0259.055] EnumProcesses (in: lpidProcess=0x2878680, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2878680, lpcbNeeded=0x1c36f3e0) returned 1 [0259.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0259.059] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0259.059] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0259.059] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0259.060] CoTaskMemFree (pv=0x1c08a420) [0259.061] GetForegroundWindow () returned 0x10080 [0259.061] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0259.061] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0259.061] CoTaskMemFree (pv=0x1c0897c0) [0259.180] GetForegroundWindow () returned 0x10080 [0259.180] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0259.180] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0259.180] CoTaskMemFree (pv=0x1c08a210) [0259.181] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x195f1)) returned 1 [0259.182] GetForegroundWindow () returned 0x100d4 [0259.182] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0259.182] EnumProcesses (in: lpidProcess=0x2896cf8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2896cf8, lpcbNeeded=0x1c36f3d0) returned 1 [0259.194] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0259.200] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0259.200] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0259.200] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.200] CoTaskMemFree (pv=0x1c0893a0) [0259.321] GetForegroundWindow () returned 0x10080 [0259.321] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0259.321] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0259.321] CoTaskMemFree (pv=0x1c08a210) [0259.322] GetForegroundWindow () returned 0x10080 [0259.322] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0259.322] EnumProcesses (in: lpidProcess=0x27c3820, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c3820, lpcbNeeded=0x1c36f3d0) returned 1 [0259.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0259.324] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0259.324] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0259.324] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0259.324] CoTaskMemFree (pv=0x1c08a630) [0259.446] GetForegroundWindow () returned 0x10080 [0259.446] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0259.446] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0259.446] CoTaskMemFree (pv=0x1c08a630) [0259.447] GetForegroundWindow () returned 0x10080 [0259.447] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0259.447] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0259.448] CoTaskMemFree (pv=0x1c08a420) [0259.571] GetForegroundWindow () returned 0x100d4 [0259.571] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0259.572] EnumProcesses (in: lpidProcess=0x27e2b58, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e2b58, lpcbNeeded=0x1c36f3e0) returned 1 [0259.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0259.573] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0259.574] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0259.574] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.574] CoTaskMemFree (pv=0x1c08a000) [0259.575] GetForegroundWindow () returned 0x10080 [0259.575] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0259.575] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0259.575] CoTaskMemFree (pv=0x1c08ac60) [0259.696] GetForegroundWindow () returned 0x10080 [0259.696] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0259.696] EnumProcesses (in: lpidProcess=0x2800ef8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2800ef8, lpcbNeeded=0x1c36f3e0) returned 1 [0259.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0259.698] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0259.698] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0259.698] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0259.698] CoTaskMemFree (pv=0x1c08a420) [0259.699] GetForegroundWindow () returned 0x10080 [0259.700] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0259.700] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0259.700] CoTaskMemFree (pv=0x1c089df0) [0259.822] GetForegroundWindow () returned 0x10080 [0259.822] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0259.822] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0259.823] CoTaskMemFree (pv=0x1c08aa50) [0259.823] GetForegroundWindow () returned 0x100d4 [0259.824] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0259.824] EnumProcesses (in: lpidProcess=0x281f5a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281f5a0, lpcbNeeded=0x1c36f3d0) returned 1 [0259.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0259.825] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0259.825] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0259.825] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0259.826] CoTaskMemFree (pv=0x1c08a000) [0259.946] GetForegroundWindow () returned 0x10080 [0259.946] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0259.946] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0259.946] CoTaskMemFree (pv=0x1c0893a0) [0259.948] GetForegroundWindow () returned 0x10080 [0259.948] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0259.948] EnumProcesses (in: lpidProcess=0x283d940, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283d940, lpcbNeeded=0x1c36f3d0) returned 1 [0259.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0259.950] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0259.950] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0259.950] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0259.950] CoTaskMemFree (pv=0x1c08a000) [0260.071] GetForegroundWindow () returned 0x10080 [0260.071] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0260.071] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0260.071] CoTaskMemFree (pv=0x1c089190) [0260.072] GetForegroundWindow () returned 0x10080 [0260.072] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.073] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0260.073] CoTaskMemFree (pv=0x1c08a210) [0260.189] GetForegroundWindow () returned 0x100d4 [0260.189] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0260.189] EnumProcesses (in: lpidProcess=0x285c4d0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285c4d0, lpcbNeeded=0x1c36f3e0) returned 1 [0260.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0260.191] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0260.192] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0260.192] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.192] CoTaskMemFree (pv=0x1c08a630) [0260.193] GetForegroundWindow () returned 0x10080 [0260.194] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0260.194] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0260.194] CoTaskMemFree (pv=0x1c088f80) [0260.322] GetForegroundWindow () returned 0x10080 [0260.323] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0260.325] EnumProcesses (in: lpidProcess=0x287a870, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x287a870, lpcbNeeded=0x1c36f3e0) returned 1 [0260.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0260.334] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0260.336] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.336] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0260.339] CoTaskMemFree (pv=0x1c08a210) [0260.340] GetForegroundWindow () returned 0x10080 [0260.341] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0260.341] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0260.341] CoTaskMemFree (pv=0x1c089df0) [0260.466] GetForegroundWindow () returned 0x10080 [0260.466] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0260.467] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0260.467] CoTaskMemFree (pv=0x1c0895b0) [0260.468] GetForegroundWindow () returned 0x100d4 [0260.468] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0260.468] EnumProcesses (in: lpidProcess=0x2899118, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2899118, lpcbNeeded=0x1c36f3d0) returned 1 [0260.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0260.470] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0260.470] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0260.470] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.470] CoTaskMemFree (pv=0x1c0893a0) [0260.588] GetForegroundWindow () returned 0x10080 [0260.588] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0260.588] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0260.588] CoTaskMemFree (pv=0x1c089be0) [0260.589] GetForegroundWindow () returned 0x10080 [0260.589] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0260.589] EnumProcesses (in: lpidProcess=0x28b74b8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b74b8, lpcbNeeded=0x1c36f3d0) returned 1 [0260.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0260.591] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0260.591] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0260.591] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0260.591] CoTaskMemFree (pv=0x1c08a630) [0260.713] GetForegroundWindow () returned 0x10080 [0260.713] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0260.713] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0260.713] CoTaskMemFree (pv=0x1c08a630) [0260.714] GetForegroundWindow () returned 0x10080 [0260.714] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0260.714] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0260.714] CoTaskMemFree (pv=0x1c08a420) [0260.838] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0260.840] GetForegroundWindow () returned 0x100d4 [0260.840] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0260.840] EnumProcesses (in: lpidProcess=0x28d6210, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d6210, lpcbNeeded=0x1c36f3e0) returned 1 [0260.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0260.847] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0260.848] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0260.848] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0260.848] CoTaskMemFree (pv=0x1c08aa50) [0260.849] GetForegroundWindow () returned 0x10080 [0260.849] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0260.849] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0260.849] CoTaskMemFree (pv=0x1c08a420) [0260.963] GetForegroundWindow () returned 0x10080 [0260.963] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0260.963] EnumProcesses (in: lpidProcess=0x28f45b0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28f45b0, lpcbNeeded=0x1c36f3e0) returned 1 [0260.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf6e8) returned 0x0 [0260.964] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0260.965] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0260.965] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0260.966] CoTaskMemFree (pv=0x1c08a210) [0260.966] GetForegroundWindow () returned 0x10080 [0260.967] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0260.967] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0260.967] CoTaskMemFree (pv=0x1c08aa50) [0261.088] GetForegroundWindow () returned 0x10080 [0261.088] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0261.088] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0261.088] CoTaskMemFree (pv=0x1c0897c0) [0261.089] GetForegroundWindow () returned 0x100d4 [0261.089] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0261.089] EnumProcesses (in: lpidProcess=0x2912be0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2912be0, lpcbNeeded=0x1c36f3d0) returned 1 [0261.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf6e8) returned 0x0 [0261.091] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0261.091] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0261.091] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.091] CoTaskMemFree (pv=0x1c089190) [0261.213] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x1b9d5)) returned 1 [0261.302] GetForegroundWindow () returned 0x10080 [0261.302] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0261.302] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0261.302] CoTaskMemFree (pv=0x1c0897c0) [0261.303] GetForegroundWindow () returned 0x10080 [0261.303] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0261.303] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0261.303] CoTaskMemFree (pv=0x1c089be0) [0261.432] GetForegroundWindow () returned 0x10080 [0261.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0261.432] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0261.432] CoTaskMemFree (pv=0x1c08a840) [0261.433] GetForegroundWindow () returned 0x10080 [0261.433] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0261.433] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0261.433] CoTaskMemFree (pv=0x1c0893a0) [0261.557] GetForegroundWindow () returned 0x100d4 [0261.557] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0261.557] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.557] CoTaskMemFree (pv=0x1c08a000) [0261.558] GetForegroundWindow () returned 0x10080 [0261.558] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0261.558] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0261.558] CoTaskMemFree (pv=0x1c08ac60) [0261.682] GetForegroundWindow () returned 0x10080 [0261.682] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0261.682] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0261.682] CoTaskMemFree (pv=0x1c08a630) [0261.683] GetForegroundWindow () returned 0x10080 [0261.684] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0261.684] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0261.684] CoTaskMemFree (pv=0x1c089df0) [0261.822] GetForegroundWindow () returned 0x10080 [0261.822] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0261.823] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0261.823] CoTaskMemFree (pv=0x1c089be0) [0261.824] GetForegroundWindow () returned 0x100d4 [0261.824] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0261.824] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0261.824] CoTaskMemFree (pv=0x1c08a000) [0261.890] GetForegroundWindow () returned 0x10080 [0261.890] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0261.890] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0261.890] CoTaskMemFree (pv=0x1c08a210) [0261.891] GetForegroundWindow () returned 0x10080 [0261.891] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0261.892] EnumProcesses (in: lpidProcess=0x27c1900, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c1900, lpcbNeeded=0x1c36f3d0) returned 1 [0261.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf698) returned 0x0 [0261.904] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0261.904] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0261.904] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0261.904] CoTaskMemFree (pv=0x1c0893a0) [0262.025] GetForegroundWindow () returned 0x10080 [0262.025] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0262.025] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0262.026] CoTaskMemFree (pv=0x1c08a630) [0262.027] GetForegroundWindow () returned 0x10080 [0262.027] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0262.027] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0262.027] CoTaskMemFree (pv=0x1c08a210) [0262.150] GetForegroundWindow () returned 0x100d4 [0262.150] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0262.150] EnumProcesses (in: lpidProcess=0x27e0c18, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e0c18, lpcbNeeded=0x1c36f3e0) returned 1 [0262.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf698) returned 0x0 [0262.155] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0262.155] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0262.155] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.155] CoTaskMemFree (pv=0x1c089be0) [0262.156] GetForegroundWindow () returned 0x10080 [0262.156] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0262.156] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0262.156] CoTaskMemFree (pv=0x1c088f80) [0262.275] GetForegroundWindow () returned 0x10080 [0262.275] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0262.275] EnumProcesses (in: lpidProcess=0x27fef28, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fef28, lpcbNeeded=0x1c36f3e0) returned 1 [0262.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf698) returned 0x0 [0262.280] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0262.280] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0262.280] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0262.280] CoTaskMemFree (pv=0x1c08a210) [0262.282] GetForegroundWindow () returned 0x10080 [0262.282] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0262.282] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0262.282] CoTaskMemFree (pv=0x1c08ac60) [0262.400] GetForegroundWindow () returned 0x10080 [0262.400] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0262.400] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0262.401] CoTaskMemFree (pv=0x1c089df0) [0262.402] GetForegroundWindow () returned 0x100d4 [0262.402] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0262.402] EnumProcesses (in: lpidProcess=0x281d4c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281d4c8, lpcbNeeded=0x1c36f3d0) returned 1 [0262.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf698) returned 0x0 [0262.406] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0262.407] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0262.407] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.407] CoTaskMemFree (pv=0x1c0897c0) [0262.525] GetForegroundWindow () returned 0x10080 [0262.525] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0262.525] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0262.526] CoTaskMemFree (pv=0x1c08a210) [0262.526] GetForegroundWindow () returned 0x10080 [0262.527] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0262.527] EnumProcesses (in: lpidProcess=0x283b7d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283b7d8, lpcbNeeded=0x1c36f3d0) returned 1 [0262.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xf698) returned 0x0 [0262.531] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0262.531] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0262.531] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0262.531] CoTaskMemFree (pv=0x1c0899d0) [0262.650] GetForegroundWindow () returned 0x10080 [0262.651] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0262.651] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0262.651] CoTaskMemFree (pv=0x1c089190) [0262.652] GetForegroundWindow () returned 0x10080 [0262.652] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0262.652] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0262.652] CoTaskMemFree (pv=0x1c089be0) [0262.776] GetForegroundWindow () returned 0x100d4 [0262.776] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0262.776] EnumProcesses (in: lpidProcess=0x285a2f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285a2f0, lpcbNeeded=0x1c36f3e0) returned 1 [0262.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f380*=0xf698) returned 0x0 [0262.781] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0262.781] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0262.781] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a840, nMaxCount=256 | out: lpString="FolderView") returned 10 [0262.781] CoTaskMemFree (pv=0x1c08a840) [0262.782] GetForegroundWindow () returned 0x10080 [0262.782] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0262.782] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0262.782] CoTaskMemFree (pv=0x1c0893a0) [0262.916] GetForegroundWindow () returned 0x10080 [0262.916] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0262.916] EnumProcesses (in: lpidProcess=0x2878678, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2878678, lpcbNeeded=0x1c36f3e0) returned 1 [0262.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf698) returned 0x0 [0262.921] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0262.921] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0262.921] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0262.921] CoTaskMemFree (pv=0x1c088f80) [0262.922] GetForegroundWindow () returned 0x10080 [0262.922] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0262.922] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0262.923] CoTaskMemFree (pv=0x1c08a630) [0263.041] GetForegroundWindow () returned 0x10080 [0263.041] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0263.041] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0263.041] CoTaskMemFree (pv=0x1c08a210) [0263.043] GetForegroundWindow () returned 0x100d4 [0263.043] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0263.043] EnumProcesses (in: lpidProcess=0x2896c18, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2896c18, lpcbNeeded=0x1c36f3d0) returned 1 [0263.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf698) returned 0x0 [0263.065] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0263.065] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0263.065] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.066] CoTaskMemFree (pv=0x1c088f80) [0263.181] GetForegroundWindow () returned 0x10080 [0263.182] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0263.182] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0263.182] CoTaskMemFree (pv=0x1c08a210) [0263.183] GetForegroundWindow () returned 0x10080 [0263.183] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0263.183] EnumProcesses (in: lpidProcess=0x27c3750, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27c3750, lpcbNeeded=0x1c36f3d0) returned 1 [0263.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f370*=0xf648) returned 0x0 [0263.185] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0263.185] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0263.185] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0263.185] CoTaskMemFree (pv=0x1c0893a0) [0263.244] GetForegroundWindow () returned 0x10080 [0263.244] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0263.244] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0263.244] CoTaskMemFree (pv=0x1c08aa50) [0263.245] GetForegroundWindow () returned 0x10080 [0263.246] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0263.246] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0263.246] CoTaskMemFree (pv=0x1c08a840) [0263.369] GetForegroundWindow () returned 0x100d4 [0263.369] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0263.369] EnumProcesses (in: lpidProcess=0x27e23b0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e23b0, lpcbNeeded=0x1c36f3e0) returned 1 [0263.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf648) returned 0x0 [0263.371] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0263.371] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0263.371] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.371] CoTaskMemFree (pv=0x1c089190) [0263.372] GetForegroundWindow () returned 0x10080 [0263.373] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0263.373] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0263.373] CoTaskMemFree (pv=0x1c08aa50) [0263.494] GetForegroundWindow () returned 0x10080 [0263.494] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0263.494] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0263.494] CoTaskMemFree (pv=0x1c0895b0) [0263.495] GetForegroundWindow () returned 0x10080 [0263.496] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0263.496] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0263.496] CoTaskMemFree (pv=0x1c08a630) [0263.619] GetForegroundWindow () returned 0x10080 [0263.619] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0263.619] EnumProcesses (in: lpidProcess=0x283be50, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x283be50, lpcbNeeded=0x1c36f3e0) returned 1 [0263.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0263.621] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0263.621] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0263.621] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0263.621] CoTaskMemFree (pv=0x1c08aa50) [0263.622] GetForegroundWindow () returned 0x100d4 [0263.623] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0263.623] EnumProcesses (in: lpidProcess=0x2859770, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2859770, lpcbNeeded=0x1c36f3d0) returned 1 [0263.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0263.624] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0263.624] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0263.624] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0263.624] CoTaskMemFree (pv=0x1c08a210) [0263.744] GetForegroundWindow () returned 0x10080 [0263.744] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0263.744] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0263.744] CoTaskMemFree (pv=0x1c08a000) [0263.746] GetForegroundWindow () returned 0x10080 [0263.746] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0263.746] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0263.746] CoTaskMemFree (pv=0x1c08a840) [0263.870] GetForegroundWindow () returned 0x10080 [0263.870] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0263.870] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0263.871] CoTaskMemFree (pv=0x1c08a420) [0263.872] GetForegroundWindow () returned 0x10080 [0263.872] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0263.872] EnumProcesses (in: lpidProcess=0x28b30d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b30d8, lpcbNeeded=0x1c36f3d0) returned 1 [0263.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0263.873] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0263.874] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0263.874] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0263.874] CoTaskMemFree (pv=0x1c089be0) [0264.010] GetForegroundWindow () returned 0x100d4 [0264.010] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0264.010] EnumProcesses (in: lpidProcess=0x28d0f58, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28d0f58, lpcbNeeded=0x1c36f3e0) returned 1 [0264.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0264.012] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.012] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0264.012] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.012] CoTaskMemFree (pv=0x1c08a630) [0264.013] GetForegroundWindow () returned 0x10080 [0264.014] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0264.014] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0264.014] CoTaskMemFree (pv=0x1c0895b0) [0264.135] GetForegroundWindow () returned 0x10080 [0264.135] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0264.135] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0264.135] CoTaskMemFree (pv=0x1c089df0) [0264.137] GetForegroundWindow () returned 0x10080 [0264.137] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0264.137] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0264.137] CoTaskMemFree (pv=0x1c0899d0) [0264.264] GetForegroundWindow () returned 0x10080 [0264.264] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0264.264] EnumProcesses (in: lpidProcess=0x292a848, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x292a848, lpcbNeeded=0x1c36f3e0) returned 1 [0264.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12881078, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0264.266] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.266] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0264.266] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0264.266] CoTaskMemFree (pv=0x1c0899d0) [0264.268] GetForegroundWindow () returned 0x100d4 [0264.268] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0264.268] EnumProcesses (in: lpidProcess=0x2948168, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2948168, lpcbNeeded=0x1c36f3d0) returned 1 [0264.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0264.269] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.269] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0264.269] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.269] CoTaskMemFree (pv=0x1c0895b0) [0264.385] GetForegroundWindow () returned 0x10080 [0264.385] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0264.385] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0264.385] CoTaskMemFree (pv=0x1c088f80) [0264.386] GetForegroundWindow () returned 0x10080 [0264.386] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0264.386] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0264.386] CoTaskMemFree (pv=0x1c0899d0) [0264.510] GetForegroundWindow () returned 0x10080 [0264.510] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0264.510] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0264.510] CoTaskMemFree (pv=0x1c08a630) [0264.511] GetForegroundWindow () returned 0x10080 [0264.511] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0264.511] EnumProcesses (in: lpidProcess=0x29a1a58, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29a1a58, lpcbNeeded=0x1c36f3d0) returned 1 [0264.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0264.527] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0264.527] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0264.527] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0264.527] CoTaskMemFree (pv=0x1c089df0) [0264.652] GetForegroundWindow () returned 0x100d4 [0264.652] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0264.652] EnumProcesses (in: lpidProcess=0x27cff88, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27cff88, lpcbNeeded=0x1c36f3e0) returned 1 [0264.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0264.656] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.656] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0264.656] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.656] CoTaskMemFree (pv=0x1c0897c0) [0264.657] GetForegroundWindow () returned 0x10080 [0264.657] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0264.657] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0264.657] CoTaskMemFree (pv=0x1c0895b0) [0264.775] GetForegroundWindow () returned 0x10080 [0264.775] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0264.775] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0264.776] CoTaskMemFree (pv=0x1c0897c0) [0264.776] GetForegroundWindow () returned 0x10080 [0264.777] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0264.777] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0264.777] CoTaskMemFree (pv=0x1c08a210) [0264.963] GetForegroundWindow () returned 0x10080 [0264.963] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0264.963] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0264.963] CoTaskMemFree (pv=0x1c08aa50) [0264.965] GetForegroundWindow () returned 0x100d4 [0264.965] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0264.965] EnumProcesses (in: lpidProcess=0x2847770, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2847770, lpcbNeeded=0x1c36f3d0) returned 1 [0264.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0264.970] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0264.970] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0264.970] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0264.970] CoTaskMemFree (pv=0x1c08aa50) [0265.088] GetForegroundWindow () returned 0x10080 [0265.088] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0265.088] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0265.088] CoTaskMemFree (pv=0x1c089be0) [0265.089] GetForegroundWindow () returned 0x10080 [0265.089] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0265.089] EnumProcesses (in: lpidProcess=0x28658c0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28658c0, lpcbNeeded=0x1c36f3d0) returned 1 [0265.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0265.093] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0265.093] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0265.093] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0265.093] CoTaskMemFree (pv=0x1c08ac60) [0265.207] GetForegroundWindow () returned 0x10080 [0265.208] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0265.208] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0265.208] CoTaskMemFree (pv=0x1c08aa50) [0265.210] GetForegroundWindow () returned 0x10080 [0265.210] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0265.210] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0265.210] CoTaskMemFree (pv=0x1c089df0) [0265.266] GetForegroundWindow () returned 0x100d4 [0265.267] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0265.267] EnumProcesses (in: lpidProcess=0x2883ce8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2883ce8, lpcbNeeded=0x1c36f3e0) returned 1 [0265.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0265.290] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0265.303] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0265.304] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.304] CoTaskMemFree (pv=0x1c0895b0) [0265.304] GetForegroundWindow () returned 0x10080 [0265.304] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0265.304] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0265.304] CoTaskMemFree (pv=0x1c0897c0) [0265.423] GetForegroundWindow () returned 0x10080 [0265.423] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0265.423] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0265.423] CoTaskMemFree (pv=0x1c0893a0) [0265.424] GetForegroundWindow () returned 0x10080 [0265.424] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0265.424] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0265.425] CoTaskMemFree (pv=0x1c08a630) [0265.580] GetForegroundWindow () returned 0x10080 [0265.580] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0265.580] EnumProcesses (in: lpidProcess=0x27feac0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27feac0, lpcbNeeded=0x1c36f3e0) returned 1 [0265.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0265.582] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0265.582] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0265.582] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0265.582] CoTaskMemFree (pv=0x1c08a000) [0265.584] GetForegroundWindow () returned 0x100d4 [0265.584] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0265.584] EnumProcesses (in: lpidProcess=0x281c3e0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281c3e0, lpcbNeeded=0x1c36f3d0) returned 1 [0265.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0265.586] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0265.586] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0265.586] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.586] CoTaskMemFree (pv=0x1c0899d0) [0265.705] GetForegroundWindow () returned 0x10080 [0265.705] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0265.705] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0265.705] CoTaskMemFree (pv=0x1c0895b0) [0265.707] GetForegroundWindow () returned 0x10080 [0265.707] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0265.707] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0265.707] CoTaskMemFree (pv=0x1c08a420) [0265.830] GetForegroundWindow () returned 0x10080 [0265.830] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0265.830] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0265.830] CoTaskMemFree (pv=0x1c08ac60) [0265.831] GetForegroundWindow () returned 0x10080 [0265.831] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0265.832] EnumProcesses (in: lpidProcess=0x2875cd0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2875cd0, lpcbNeeded=0x1c36f3d0) returned 1 [0265.832] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0265.833] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0265.833] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0265.834] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0265.834] CoTaskMemFree (pv=0x1c0899d0) [0265.958] GetForegroundWindow () returned 0x100d4 [0265.958] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0265.958] EnumProcesses (in: lpidProcess=0x2893d18, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2893d18, lpcbNeeded=0x1c36f3e0) returned 1 [0265.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0265.960] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0265.961] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0265.961] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0265.961] CoTaskMemFree (pv=0x1c088f80) [0265.962] GetForegroundWindow () returned 0x10080 [0265.962] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0265.962] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0265.962] CoTaskMemFree (pv=0x1c0895b0) [0266.080] GetForegroundWindow () returned 0x10080 [0266.080] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0266.080] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0266.080] CoTaskMemFree (pv=0x1c08a000) [0266.081] GetForegroundWindow () returned 0x10080 [0266.081] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0266.081] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0266.081] CoTaskMemFree (pv=0x1c0897c0) [0266.206] GetForegroundWindow () returned 0x10080 [0266.206] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0266.206] EnumProcesses (in: lpidProcess=0x28edc80, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28edc80, lpcbNeeded=0x1c36f3e0) returned 1 [0266.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0266.208] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.208] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0266.208] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0266.208] CoTaskMemFree (pv=0x1c089190) [0266.210] GetForegroundWindow () returned 0x100d4 [0266.210] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0266.210] EnumProcesses (in: lpidProcess=0x290b5a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x290b5a0, lpcbNeeded=0x1c36f3d0) returned 1 [0266.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0266.212] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.212] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0266.212] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.212] CoTaskMemFree (pv=0x1c08ac60) [0266.337] GetForegroundWindow () returned 0x10080 [0266.337] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0266.337] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0266.337] CoTaskMemFree (pv=0x1c089190) [0266.339] GetForegroundWindow () returned 0x10080 [0266.339] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0266.339] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0266.339] CoTaskMemFree (pv=0x1c089190) [0266.454] GetForegroundWindow () returned 0x10080 [0266.454] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0266.454] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0266.454] CoTaskMemFree (pv=0x1c08ac60) [0266.455] GetForegroundWindow () returned 0x10080 [0266.455] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0266.455] EnumProcesses (in: lpidProcess=0x2964e90, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2964e90, lpcbNeeded=0x1c36f3d0) returned 1 [0266.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0266.457] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.457] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0266.457] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0266.457] CoTaskMemFree (pv=0x1c0897c0) [0266.583] GetForegroundWindow () returned 0x100d4 [0266.583] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0266.583] EnumProcesses (in: lpidProcess=0x2982d10, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2982d10, lpcbNeeded=0x1c36f3e0) returned 1 [0266.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0266.585] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.585] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0266.585] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.585] CoTaskMemFree (pv=0x1c089be0) [0266.586] GetForegroundWindow () returned 0x10080 [0266.586] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0266.586] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0266.586] CoTaskMemFree (pv=0x1c08a840) [0266.710] GetForegroundWindow () returned 0x10080 [0266.710] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0266.710] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0266.710] CoTaskMemFree (pv=0x1c0899d0) [0266.711] GetForegroundWindow () returned 0x10080 [0266.712] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0266.712] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0266.712] CoTaskMemFree (pv=0x1c0899d0) [0266.842] GetForegroundWindow () returned 0x10080 [0266.842] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0266.842] EnumProcesses (in: lpidProcess=0x27ecf08, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ecf08, lpcbNeeded=0x1c36f3e0) returned 1 [0266.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0266.854] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0266.854] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0266.854] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0266.854] CoTaskMemFree (pv=0x1c089190) [0266.856] GetForegroundWindow () returned 0x100d4 [0266.856] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0266.856] EnumProcesses (in: lpidProcess=0x280a828, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x280a828, lpcbNeeded=0x1c36f3d0) returned 1 [0266.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0266.861] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0266.861] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0266.861] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0266.861] CoTaskMemFree (pv=0x1c08a000) [0266.984] GetForegroundWindow () returned 0x10080 [0266.984] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0266.984] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0266.984] CoTaskMemFree (pv=0x1c08a000) [0266.985] GetForegroundWindow () returned 0x10080 [0266.985] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0266.985] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0266.986] CoTaskMemFree (pv=0x1c08aa50) [0267.107] GetForegroundWindow () returned 0x10080 [0267.107] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0267.107] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0267.107] CoTaskMemFree (pv=0x1c0893a0) [0267.109] GetForegroundWindow () returned 0x10080 [0267.109] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0267.109] EnumProcesses (in: lpidProcess=0x2864190, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2864190, lpcbNeeded=0x1c36f3d0) returned 1 [0267.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f370*=0xf5f8) returned 0x0 [0267.114] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0267.114] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0267.114] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0267.114] CoTaskMemFree (pv=0x1c089df0) [0267.232] GetForegroundWindow () returned 0x100d4 [0267.232] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0267.232] EnumProcesses (in: lpidProcess=0x2882010, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2882010, lpcbNeeded=0x1c36f3e0) returned 1 [0267.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xf5f8) returned 0x0 [0267.254] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0267.254] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0267.254] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0267.254] CoTaskMemFree (pv=0x1c08aa50) [0267.256] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x1b9d5)) returned 1 [0267.257] GetForegroundWindow () returned 0x10080 [0267.257] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0267.257] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0267.257] CoTaskMemFree (pv=0x1c089df0) [0267.438] GetForegroundWindow () returned 0x10080 [0267.438] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0267.438] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0267.439] CoTaskMemFree (pv=0x1c0897c0) [0267.441] GetForegroundWindow () returned 0x10080 [0267.441] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0267.441] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0267.442] CoTaskMemFree (pv=0x1c08a000) [0267.583] GetForegroundWindow () returned 0x10080 [0267.583] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0267.583] EnumProcesses (in: lpidProcess=0x27fe968, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fe968, lpcbNeeded=0x1c36f3e0) returned 1 [0267.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf738) returned 0x0 [0267.591] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0267.591] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0267.591] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0267.591] CoTaskMemFree (pv=0x1c08a210) [0267.592] GetForegroundWindow () returned 0x100d4 [0267.592] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0267.592] EnumProcesses (in: lpidProcess=0x281c4c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281c4c8, lpcbNeeded=0x1c36f3d0) returned 1 [0267.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf738) returned 0x0 [0267.593] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0267.594] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0267.594] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0267.594] CoTaskMemFree (pv=0x1c089be0) [0268.645] GetForegroundWindow () returned 0x10080 [0268.645] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0268.645] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0268.645] CoTaskMemFree (pv=0x1c08a000) [0268.647] GetForegroundWindow () returned 0x10080 [0268.647] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0268.647] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0268.647] CoTaskMemFree (pv=0x1c089190) [0268.904] GetForegroundWindow () returned 0x10080 [0268.904] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0268.904] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0268.905] CoTaskMemFree (pv=0x1c08a420) [0268.906] GetForegroundWindow () returned 0x10080 [0268.906] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0268.906] EnumProcesses (in: lpidProcess=0x2876eb0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2876eb0, lpcbNeeded=0x1c36f3d0) returned 1 [0268.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xf968) returned 0x0 [0268.908] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0268.908] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0268.908] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0268.908] CoTaskMemFree (pv=0x1c088f80) [0269.084] GetForegroundWindow () returned 0x100d4 [0269.084] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0269.084] EnumProcesses (in: lpidProcess=0x2895780, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2895780, lpcbNeeded=0x1c36f3e0) returned 1 [0269.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xf968) returned 0x0 [0269.086] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0269.086] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0269.086] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0269.086] CoTaskMemFree (pv=0x1c08a630) [0269.087] GetForegroundWindow () returned 0x10080 [0269.087] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0269.088] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0269.088] CoTaskMemFree (pv=0x1c089df0) [0269.334] GetForegroundWindow () returned 0x10080 [0269.334] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0269.334] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0269.335] CoTaskMemFree (pv=0x1c089190) [0269.336] GetForegroundWindow () returned 0x10080 [0269.336] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0269.336] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0269.336] CoTaskMemFree (pv=0x1c0897c0) [0270.258] GetForegroundWindow () returned 0x10080 [0270.258] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0270.258] EnumProcesses (in: lpidProcess=0x28f10b0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28f10b0, lpcbNeeded=0x1c36f3e0) returned 1 [0270.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xfaa8) returned 0x0 [0270.260] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0270.260] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0270.260] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0270.260] CoTaskMemFree (pv=0x1c08a840) [0270.262] GetForegroundWindow () returned 0x100d4 [0270.262] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0270.262] EnumProcesses (in: lpidProcess=0x290f660, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x290f660, lpcbNeeded=0x1c36f3d0) returned 1 [0270.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xfaa8) returned 0x0 [0270.264] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0270.264] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0270.264] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0270.264] CoTaskMemFree (pv=0x1c08ac60) [0270.396] GetForegroundWindow () returned 0x10080 [0270.396] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0270.397] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0270.397] CoTaskMemFree (pv=0x1c08a840) [0270.398] GetForegroundWindow () returned 0x10080 [0270.398] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0270.398] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0270.399] CoTaskMemFree (pv=0x1c08a420) [0270.529] GetForegroundWindow () returned 0x10080 [0270.530] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0270.530] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0270.530] CoTaskMemFree (pv=0x1c0895b0) [0270.531] GetForegroundWindow () returned 0x10080 [0270.531] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0270.531] EnumProcesses (in: lpidProcess=0x296b958, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x296b958, lpcbNeeded=0x1c36f3d0) returned 1 [0270.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xfaf8) returned 0x0 [0270.532] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0270.532] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0270.533] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0270.533] CoTaskMemFree (pv=0x1c08a210) [0270.740] GetForegroundWindow () returned 0x100d4 [0270.740] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0270.740] EnumProcesses (in: lpidProcess=0x298a5d0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x298a5d0, lpcbNeeded=0x1c36f3e0) returned 1 [0270.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xfd78) returned 0x0 [0270.751] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0270.751] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0270.751] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0270.751] CoTaskMemFree (pv=0x1c08aa50) [0270.752] GetForegroundWindow () returned 0x10080 [0270.752] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0270.752] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0270.752] CoTaskMemFree (pv=0x1c0893a0) [0271.078] GetForegroundWindow () returned 0x10080 [0271.078] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0271.078] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0271.079] CoTaskMemFree (pv=0x1c08a000) [0271.080] GetForegroundWindow () returned 0x10080 [0271.080] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0271.080] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0271.080] CoTaskMemFree (pv=0x1c0893a0) [0271.235] GetForegroundWindow () returned 0x10080 [0271.235] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0271.235] EnumProcesses (in: lpidProcess=0x27ff3c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ff3c8, lpcbNeeded=0x1c36f3e0) returned 1 [0271.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xfd78) returned 0x0 [0271.245] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0271.245] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0271.245] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0271.245] CoTaskMemFree (pv=0x1c08a420) [0271.247] GetForegroundWindow () returned 0x100d4 [0271.247] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0271.247] EnumProcesses (in: lpidProcess=0x281df88, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281df88, lpcbNeeded=0x1c36f3d0) returned 1 [0271.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xfd78) returned 0x0 [0271.251] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0271.252] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0271.252] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0271.252] CoTaskMemFree (pv=0x1c089df0) [0271.467] GetForegroundWindow () returned 0x10080 [0271.468] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0271.468] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0271.468] CoTaskMemFree (pv=0x1c0895b0) [0271.469] GetForegroundWindow () returned 0x10080 [0271.469] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0271.469] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0271.469] CoTaskMemFree (pv=0x1c08a000) [0271.584] GetForegroundWindow () returned 0x10080 [0271.584] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0271.584] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0271.584] CoTaskMemFree (pv=0x1c08aa50) [0271.586] GetForegroundWindow () returned 0x10080 [0271.586] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0271.586] EnumProcesses (in: lpidProcess=0x287b1d0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287b1d0, lpcbNeeded=0x1c36f3d0) returned 1 [0271.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f370*=0xfdc8) returned 0x0 [0271.591] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0271.600] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0271.600] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0271.600] CoTaskMemFree (pv=0x1c089df0) [0271.727] GetForegroundWindow () returned 0x100d4 [0271.727] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0271.727] EnumProcesses (in: lpidProcess=0x289a5e8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x289a5e8, lpcbNeeded=0x1c36f3e0) returned 1 [0271.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xfdc8) returned 0x0 [0271.753] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0271.753] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0271.753] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0271.753] CoTaskMemFree (pv=0x1c089df0) [0271.755] GetForegroundWindow () returned 0x10080 [0271.755] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0271.755] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0271.755] CoTaskMemFree (pv=0x1c08a210) [0272.037] GetForegroundWindow () returned 0x10080 [0272.037] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0272.037] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0272.037] CoTaskMemFree (pv=0x1c089190) [0272.039] GetForegroundWindow () returned 0x10080 [0272.039] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0272.039] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0272.039] CoTaskMemFree (pv=0x1c08a630) [0272.162] GetForegroundWindow () returned 0x10080 [0272.162] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0272.162] EnumProcesses (in: lpidProcess=0x2803100, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2803100, lpcbNeeded=0x1c36f3e0) returned 1 [0272.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xfdc8) returned 0x0 [0272.164] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.165] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0272.166] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0272.166] CoTaskMemFree (pv=0x1c088f80) [0272.167] GetForegroundWindow () returned 0x100d4 [0272.167] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0272.167] EnumProcesses (in: lpidProcess=0x2821df0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2821df0, lpcbNeeded=0x1c36f3d0) returned 1 [0272.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xfdc8) returned 0x0 [0272.169] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.169] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0272.169] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.169] CoTaskMemFree (pv=0x1c0893a0) [0272.287] GetForegroundWindow () returned 0x10080 [0272.287] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.287] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.287] CoTaskMemFree (pv=0x1c08aa50) [0272.288] GetForegroundWindow () returned 0x10080 [0272.288] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0272.288] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0272.289] CoTaskMemFree (pv=0x1c0899d0) [0272.412] GetForegroundWindow () returned 0x10080 [0272.412] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0272.412] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0272.412] CoTaskMemFree (pv=0x1c089df0) [0272.413] GetForegroundWindow () returned 0x10080 [0272.413] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0272.413] EnumProcesses (in: lpidProcess=0x287f250, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287f250, lpcbNeeded=0x1c36f3d0) returned 1 [0272.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xfdc8) returned 0x0 [0272.415] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.415] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0272.415] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0272.416] CoTaskMemFree (pv=0x1c08ac60) [0272.537] GetForegroundWindow () returned 0x100d4 [0272.537] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0272.537] EnumProcesses (in: lpidProcess=0x289e4a0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x289e4a0, lpcbNeeded=0x1c36f3e0) returned 1 [0272.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xfdc8) returned 0x0 [0272.539] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.539] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0272.539] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.539] CoTaskMemFree (pv=0x1c088f80) [0272.540] GetForegroundWindow () returned 0x10080 [0272.540] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0272.540] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0272.540] CoTaskMemFree (pv=0x1c08ac60) [0272.663] GetForegroundWindow () returned 0x10080 [0272.664] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0272.664] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0272.664] CoTaskMemFree (pv=0x1c08a420) [0272.665] GetForegroundWindow () returned 0x10080 [0272.665] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0272.665] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0272.665] CoTaskMemFree (pv=0x1c089be0) [0272.787] GetForegroundWindow () returned 0x10080 [0272.787] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0272.787] EnumProcesses (in: lpidProcess=0x28fb978, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28fb978, lpcbNeeded=0x1c36f3e0) returned 1 [0272.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xfdc8) returned 0x0 [0272.789] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0272.789] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0272.789] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0272.789] CoTaskMemFree (pv=0x1c0899d0) [0272.791] GetForegroundWindow () returned 0x100d4 [0272.791] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0272.791] EnumProcesses (in: lpidProcess=0x291a668, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x291a668, lpcbNeeded=0x1c36f3d0) returned 1 [0272.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xfdc8) returned 0x0 [0272.792] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0272.792] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.793] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0272.793] CoTaskMemFree (pv=0x1c08aa50) [0272.915] GetForegroundWindow () returned 0x10080 [0272.916] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.916] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.916] CoTaskMemFree (pv=0x1c08aa50) [0272.917] GetForegroundWindow () returned 0x10080 [0272.917] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0272.917] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0272.917] CoTaskMemFree (pv=0x1c08aa50) [0273.037] GetForegroundWindow () returned 0x10080 [0273.037] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0273.037] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0273.037] CoTaskMemFree (pv=0x1c0899d0) [0273.038] GetForegroundWindow () returned 0x10080 [0273.038] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0273.038] EnumProcesses (in: lpidProcess=0x2977be8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2977be8, lpcbNeeded=0x1c36f3d0) returned 1 [0273.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xfe68) returned 0x0 [0273.039] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.039] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0273.040] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0273.040] CoTaskMemFree (pv=0x1c0893a0) [0273.162] GetForegroundWindow () returned 0x100d4 [0273.162] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0273.162] EnumProcesses (in: lpidProcess=0x2996f58, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2996f58, lpcbNeeded=0x1c36f3e0) returned 1 [0273.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xfe68) returned 0x0 [0273.180] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0273.180] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0273.180] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0273.181] CoTaskMemFree (pv=0x1c08aa50) [0273.182] GetForegroundWindow () returned 0x10080 [0273.182] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0273.182] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0273.182] CoTaskMemFree (pv=0x1c088f80) [0273.304] GetForegroundWindow () returned 0x10080 [0273.304] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0273.304] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0273.304] CoTaskMemFree (pv=0x1c0893a0) [0273.306] GetForegroundWindow () returned 0x10080 [0273.306] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0273.306] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0273.306] CoTaskMemFree (pv=0x1c0895b0) [0273.409] GetForegroundWindow () returned 0x10080 [0273.409] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0273.409] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0273.410] CoTaskMemFree (pv=0x1c0895b0) [0273.411] GetForegroundWindow () returned 0x100d4 [0273.411] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0273.412] EnumProcesses (in: lpidProcess=0x27e90a8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e90a8, lpcbNeeded=0x1c36f3d0) returned 1 [0273.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xfe18) returned 0x0 [0273.417] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0273.417] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0273.417] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0273.417] CoTaskMemFree (pv=0x1c089df0) [0273.552] GetForegroundWindow () returned 0x10080 [0273.553] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0273.553] EnumProcesses (in: lpidProcess=0x2845948, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2845948, lpcbNeeded=0x1c36f3e0) returned 1 [0273.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xfe18) returned 0x0 [0273.558] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.558] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0273.558] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0273.558] CoTaskMemFree (pv=0x1c0895b0) [0273.559] GetForegroundWindow () returned 0x10080 [0273.559] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0273.559] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0273.560] CoTaskMemFree (pv=0x1c0899d0) [0273.679] GetForegroundWindow () returned 0x10080 [0273.679] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0273.679] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0273.680] CoTaskMemFree (pv=0x1c08a420) [0273.680] GetForegroundWindow () returned 0x10080 [0273.681] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0273.681] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0273.681] CoTaskMemFree (pv=0x1c089190) [0273.802] GetForegroundWindow () returned 0x100d4 [0273.803] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0273.803] EnumProcesses (in: lpidProcess=0x28844f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28844f0, lpcbNeeded=0x1c36f3e0) returned 1 [0273.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xfe18) returned 0x0 [0273.816] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0273.816] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0273.816] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0273.816] CoTaskMemFree (pv=0x1c08ac60) [0273.818] GetForegroundWindow () returned 0x10080 [0273.818] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0273.818] EnumProcesses (in: lpidProcess=0x28a3280, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28a3280, lpcbNeeded=0x1c36f3d0) returned 1 [0273.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xfe18) returned 0x0 [0273.841] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0273.842] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0273.842] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0273.842] CoTaskMemFree (pv=0x1c08a210) [0273.960] GetForegroundWindow () returned 0x10080 [0273.960] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0273.960] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0273.960] CoTaskMemFree (pv=0x1c08aa50) [0273.962] GetForegroundWindow () returned 0x10080 [0273.962] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0273.962] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0273.962] CoTaskMemFree (pv=0x1c08ac60) [0274.085] GetForegroundWindow () returned 0x10080 [0274.085] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.085] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.085] CoTaskMemFree (pv=0x1c08aa50) [0274.087] GetForegroundWindow () returned 0x100d4 [0274.087] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0274.087] EnumProcesses (in: lpidProcess=0x27e4740, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e4740, lpcbNeeded=0x1c36f3d0) returned 1 [0274.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xfe18) returned 0x0 [0274.088] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.089] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0274.089] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.089] CoTaskMemFree (pv=0x1c0893a0) [0274.225] GetForegroundWindow () returned 0x10080 [0274.225] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0274.225] EnumProcesses (in: lpidProcess=0x2841658, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2841658, lpcbNeeded=0x1c36f3e0) returned 1 [0274.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xfe18) returned 0x0 [0274.227] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.227] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0274.227] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0274.227] CoTaskMemFree (pv=0x1c08a210) [0274.229] GetForegroundWindow () returned 0x10080 [0274.229] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.229] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.229] CoTaskMemFree (pv=0x1c08aa50) [0274.349] GetForegroundWindow () returned 0x10080 [0274.349] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0274.349] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0274.350] CoTaskMemFree (pv=0x1c089be0) [0274.351] GetForegroundWindow () returned 0x10080 [0274.351] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0274.351] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0274.351] CoTaskMemFree (pv=0x1c089190) [0274.475] GetForegroundWindow () returned 0x100d4 [0274.475] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0274.475] EnumProcesses (in: lpidProcess=0x2880188, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2880188, lpcbNeeded=0x1c36f3e0) returned 1 [0274.476] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xfe18) returned 0x0 [0274.477] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.477] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0274.477] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.477] CoTaskMemFree (pv=0x1c08a210) [0274.478] GetForegroundWindow () returned 0x10080 [0274.478] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0274.478] EnumProcesses (in: lpidProcess=0x289ef18, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x289ef18, lpcbNeeded=0x1c36f3d0) returned 1 [0274.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f370*=0xfe18) returned 0x0 [0274.479] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.479] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0274.480] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0274.480] CoTaskMemFree (pv=0x1c0893a0) [0274.601] GetForegroundWindow () returned 0x10080 [0274.601] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0274.601] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0274.605] CoTaskMemFree (pv=0x1c08a420) [0274.606] GetForegroundWindow () returned 0x10080 [0274.606] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0274.606] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0274.607] CoTaskMemFree (pv=0x1c08ac60) [0274.787] GetForegroundWindow () returned 0x10080 [0274.787] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0274.787] EnumProcesses (in: lpidProcess=0x28fc840, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28fc840, lpcbNeeded=0x1c36f3e0) returned 1 [0274.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xfe18) returned 0x0 [0274.789] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0274.789] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0274.789] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0274.789] CoTaskMemFree (pv=0x1c089be0) [0274.791] GetForegroundWindow () returned 0x100d4 [0274.791] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0274.791] EnumProcesses (in: lpidProcess=0x291b5c0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x291b5c0, lpcbNeeded=0x1c36f3d0) returned 1 [0274.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xfe18) returned 0x0 [0274.792] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0274.792] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0274.792] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0274.793] CoTaskMemFree (pv=0x1c0893a0) [0274.912] GetForegroundWindow () returned 0x10080 [0274.912] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.912] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.913] CoTaskMemFree (pv=0x1c08aa50) [0274.914] GetForegroundWindow () returned 0x10080 [0274.914] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0274.914] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0274.914] CoTaskMemFree (pv=0x1c08aa50) [0275.045] GetForegroundWindow () returned 0x10080 [0275.045] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0275.045] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0275.045] CoTaskMemFree (pv=0x1c089df0) [0275.046] GetForegroundWindow () returned 0x10080 [0275.047] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0275.047] EnumProcesses (in: lpidProcess=0x2978bd0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2978bd0, lpcbNeeded=0x1c36f3d0) returned 1 [0275.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xfb98) returned 0x0 [0275.048] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.048] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0275.048] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0275.049] CoTaskMemFree (pv=0x1c089be0) [0275.216] GetForegroundWindow () returned 0x100d4 [0275.216] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0275.216] EnumProcesses (in: lpidProcess=0x2997a30, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2997a30, lpcbNeeded=0x1c36f3e0) returned 1 [0275.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xf328) returned 0x0 [0275.233] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0275.233] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0275.233] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0275.233] CoTaskMemFree (pv=0x1c088f80) [0275.234] GetForegroundWindow () returned 0x10080 [0275.235] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0275.235] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0275.235] CoTaskMemFree (pv=0x1c08a210) [0275.363] GetForegroundWindow () returned 0x10080 [0275.363] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0275.363] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0275.363] CoTaskMemFree (pv=0x1c0899d0) [0275.364] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x1e133)) returned 1 [0275.365] GetForegroundWindow () returned 0x10080 [0275.365] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0275.365] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0275.365] CoTaskMemFree (pv=0x1c088f80) [0275.504] GetForegroundWindow () returned 0x10080 [0275.504] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0275.504] EnumProcesses (in: lpidProcess=0x2804690, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2804690, lpcbNeeded=0x1c36f3e0) returned 1 [0275.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf328) returned 0x0 [0275.519] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.519] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0275.519] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0275.520] CoTaskMemFree (pv=0x1c08aa50) [0275.521] GetForegroundWindow () returned 0x100d4 [0275.521] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0275.521] EnumProcesses (in: lpidProcess=0x2821e40, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2821e40, lpcbNeeded=0x1c36f3d0) returned 1 [0275.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf328) returned 0x0 [0275.526] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0275.527] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0275.527] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0275.527] CoTaskMemFree (pv=0x1c089be0) [0275.644] GetForegroundWindow () returned 0x10080 [0275.644] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0275.644] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0275.644] CoTaskMemFree (pv=0x1c08a420) [0275.645] GetForegroundWindow () returned 0x10080 [0275.645] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0275.646] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0275.646] CoTaskMemFree (pv=0x1c0899d0) [0275.769] GetForegroundWindow () returned 0x10080 [0275.769] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0275.769] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0275.770] CoTaskMemFree (pv=0x1c08ac60) [0275.771] GetForegroundWindow () returned 0x10080 [0275.771] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0275.771] EnumProcesses (in: lpidProcess=0x287b358, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287b358, lpcbNeeded=0x1c36f3d0) returned 1 [0275.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f370*=0xf328) returned 0x0 [0275.776] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0275.776] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0275.776] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0275.776] CoTaskMemFree (pv=0x1c089df0) [0275.894] GetForegroundWindow () returned 0x100d4 [0275.894] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0275.895] EnumProcesses (in: lpidProcess=0x2899068, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2899068, lpcbNeeded=0x1c36f3e0) returned 1 [0275.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f380*=0xf328) returned 0x0 [0275.917] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0275.917] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0275.917] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0275.918] CoTaskMemFree (pv=0x1c089be0) [0275.919] GetForegroundWindow () returned 0x10080 [0275.919] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0275.919] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0275.919] CoTaskMemFree (pv=0x1c088f80) [0276.041] GetForegroundWindow () returned 0x10080 [0276.041] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0276.041] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0276.041] CoTaskMemFree (pv=0x1c089df0) [0276.042] GetForegroundWindow () returned 0x10080 [0276.043] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0276.043] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0276.043] CoTaskMemFree (pv=0x1c08aa50) [0276.164] GetForegroundWindow () returned 0x10080 [0276.164] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0276.164] EnumProcesses (in: lpidProcess=0x27ff128, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ff128, lpcbNeeded=0x1c36f3e0) returned 1 [0276.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf328) returned 0x0 [0276.166] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0276.166] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0276.166] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0276.166] CoTaskMemFree (pv=0x1c08a000) [0276.167] GetForegroundWindow () returned 0x100d4 [0276.167] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0276.167] EnumProcesses (in: lpidProcess=0x281c8d8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281c8d8, lpcbNeeded=0x1c36f3d0) returned 1 [0276.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf328) returned 0x0 [0276.168] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.168] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0276.168] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.168] CoTaskMemFree (pv=0x1c08a630) [0276.294] GetForegroundWindow () returned 0x10080 [0276.295] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0276.295] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0276.295] CoTaskMemFree (pv=0x1c08aa50) [0276.296] GetForegroundWindow () returned 0x10080 [0276.296] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0276.296] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0276.296] CoTaskMemFree (pv=0x1c0893a0) [0276.425] GetForegroundWindow () returned 0x10080 [0276.426] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0276.426] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0276.426] CoTaskMemFree (pv=0x1c089df0) [0276.427] GetForegroundWindow () returned 0x10080 [0276.427] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0276.427] EnumProcesses (in: lpidProcess=0x2875d78, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2875d78, lpcbNeeded=0x1c36f3d0) returned 1 [0276.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f370*=0xf328) returned 0x0 [0276.429] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0276.431] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0276.431] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0276.431] CoTaskMemFree (pv=0x1c08a210) [0276.566] GetForegroundWindow () returned 0x100d4 [0276.566] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0276.566] EnumProcesses (in: lpidProcess=0x2893a88, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2893a88, lpcbNeeded=0x1c36f3e0) returned 1 [0276.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f380*=0xf328) returned 0x0 [0276.568] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.568] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0276.568] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.568] CoTaskMemFree (pv=0x1c0899d0) [0276.570] GetForegroundWindow () returned 0x10080 [0276.570] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0276.570] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0276.570] CoTaskMemFree (pv=0x1c0899d0) [0276.789] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0276.792] GetForegroundWindow () returned 0x10080 [0276.792] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0276.792] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0276.792] CoTaskMemFree (pv=0x1c08aa50) [0276.793] GetForegroundWindow () returned 0x10080 [0276.793] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0276.793] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0276.793] CoTaskMemFree (pv=0x1c08ac60) [0276.929] GetForegroundWindow () returned 0x10080 [0276.929] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0276.930] EnumProcesses (in: lpidProcess=0x28ed0f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ed0f0, lpcbNeeded=0x1c36f3e0) returned 1 [0276.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0276.941] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0276.941] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0276.941] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0276.941] CoTaskMemFree (pv=0x1c089190) [0276.942] GetForegroundWindow () returned 0x100d4 [0276.944] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0276.944] EnumProcesses (in: lpidProcess=0x290a810, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x290a810, lpcbNeeded=0x1c36f3d0) returned 1 [0276.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0276.945] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0276.945] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0276.945] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0276.946] CoTaskMemFree (pv=0x1c0897c0) [0277.072] GetForegroundWindow () returned 0x10080 [0277.072] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0277.072] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0277.073] CoTaskMemFree (pv=0x1c08a420) [0277.074] GetForegroundWindow () returned 0x10080 [0277.074] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0277.074] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0277.074] CoTaskMemFree (pv=0x1c08aa50) [0277.214] GetForegroundWindow () returned 0x10080 [0277.215] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0277.215] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0277.215] CoTaskMemFree (pv=0x1c08a840) [0277.216] GetForegroundWindow () returned 0x10080 [0277.216] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0277.217] EnumProcesses (in: lpidProcess=0x2963b00, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2963b00, lpcbNeeded=0x1c36f3d0) returned 1 [0277.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0277.219] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.219] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0277.219] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0277.219] CoTaskMemFree (pv=0x1c08aa50) [0277.341] GetForegroundWindow () returned 0x100d4 [0277.341] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0277.341] EnumProcesses (in: lpidProcess=0x2981780, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2981780, lpcbNeeded=0x1c36f3e0) returned 1 [0277.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0277.343] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.343] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0277.343] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.343] CoTaskMemFree (pv=0x1c08aa50) [0277.344] GetForegroundWindow () returned 0x10080 [0277.345] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0277.345] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0277.345] CoTaskMemFree (pv=0x1c08a840) [0277.397] GetForegroundWindow () returned 0x10080 [0277.397] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0277.397] EnumProcesses (in: lpidProcess=0x299f1a8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x299f1a8, lpcbNeeded=0x1c36f3e0) returned 1 [0277.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0277.414] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.415] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0277.415] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0277.415] CoTaskMemFree (pv=0x1c089df0) [0277.416] GetForegroundWindow () returned 0x10080 [0277.416] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0277.416] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0277.416] CoTaskMemFree (pv=0x1c0893a0) [0277.538] GetForegroundWindow () returned 0x10080 [0277.538] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0277.538] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0277.539] CoTaskMemFree (pv=0x1c089df0) [0277.540] GetForegroundWindow () returned 0x100d4 [0277.540] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0277.540] EnumProcesses (in: lpidProcess=0x27ceb18, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27ceb18, lpcbNeeded=0x1c36f3d0) returned 1 [0277.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0277.545] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.545] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0277.545] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.545] CoTaskMemFree (pv=0x1c0893a0) [0277.679] GetForegroundWindow () returned 0x10080 [0277.679] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0277.679] EnumProcesses (in: lpidProcess=0x2826f78, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2826f78, lpcbNeeded=0x1c36f3e0) returned 1 [0277.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f380*=0xf288) returned 0x0 [0277.684] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.684] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0277.684] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0277.684] CoTaskMemFree (pv=0x1c08a840) [0277.685] GetForegroundWindow () returned 0x10080 [0277.685] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0277.685] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0277.686] CoTaskMemFree (pv=0x1c08a840) [0277.805] GetForegroundWindow () returned 0x10080 [0277.805] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0277.805] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0277.805] CoTaskMemFree (pv=0x1c0893a0) [0277.806] GetForegroundWindow () returned 0x10080 [0277.806] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0277.806] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0277.806] CoTaskMemFree (pv=0x1c08a210) [0277.939] GetForegroundWindow () returned 0x100d4 [0277.939] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0277.940] EnumProcesses (in: lpidProcess=0x2862dd0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2862dd0, lpcbNeeded=0x1c36f3e0) returned 1 [0277.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0277.948] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0277.948] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0277.948] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0277.948] CoTaskMemFree (pv=0x1c08aa50) [0277.950] GetForegroundWindow () returned 0x10080 [0277.950] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0277.950] EnumProcesses (in: lpidProcess=0x2880500, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2880500, lpcbNeeded=0x1c36f3d0) returned 1 [0277.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0277.982] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0277.982] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0277.982] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0277.982] CoTaskMemFree (pv=0x1c089be0) [0278.038] GetForegroundWindow () returned 0x10080 [0278.038] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0278.038] EnumProcesses (in: lpidProcess=0x27c1de8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1de8, lpcbNeeded=0x1c36f3e0) returned 1 [0278.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0278.040] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.040] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0278.040] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0278.040] CoTaskMemFree (pv=0x1c08aa50) [0278.041] GetForegroundWindow () returned 0x10080 [0278.041] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0278.041] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0278.042] CoTaskMemFree (pv=0x1c0897c0) [0278.163] GetForegroundWindow () returned 0x10080 [0278.163] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0278.163] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0278.163] CoTaskMemFree (pv=0x1c08a420) [0278.164] GetForegroundWindow () returned 0x100d4 [0278.164] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0278.164] EnumProcesses (in: lpidProcess=0x27e0768, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e0768, lpcbNeeded=0x1c36f3d0) returned 1 [0278.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0278.165] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0278.165] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0278.165] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0278.165] CoTaskMemFree (pv=0x1c0897c0) [0278.303] GetForegroundWindow () returned 0x10080 [0278.303] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0278.303] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0278.304] CoTaskMemFree (pv=0x1c08a210) [0278.304] GetForegroundWindow () returned 0x10080 [0278.305] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0278.305] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0278.305] CoTaskMemFree (pv=0x1c0893a0) [0278.428] GetForegroundWindow () returned 0x10080 [0278.428] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0278.429] EnumProcesses (in: lpidProcess=0x28397a8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28397a8, lpcbNeeded=0x1c36f3e0) returned 1 [0278.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0278.430] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.430] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0278.430] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0278.431] CoTaskMemFree (pv=0x1c08a210) [0278.432] GetForegroundWindow () returned 0x10080 [0278.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0278.432] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0278.432] CoTaskMemFree (pv=0x1c08a630) [0278.650] GetForegroundWindow () returned 0x100d4 [0278.650] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0278.650] EnumProcesses (in: lpidProcess=0x28576d8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28576d8, lpcbNeeded=0x1c36f3e0) returned 1 [0278.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0278.652] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0278.652] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0278.652] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0278.652] CoTaskMemFree (pv=0x1c08a630) [0278.653] GetForegroundWindow () returned 0x10080 [0278.653] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0278.653] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0278.654] CoTaskMemFree (pv=0x1c08a420) [0278.772] GetForegroundWindow () returned 0x10080 [0278.772] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0278.772] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0278.773] CoTaskMemFree (pv=0x1c08a000) [0278.773] GetForegroundWindow () returned 0x10080 [0278.774] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0278.774] EnumProcesses (in: lpidProcess=0x28b01b8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28b01b8, lpcbNeeded=0x1c36f3d0) returned 1 [0278.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0278.775] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0278.775] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0278.775] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0278.776] CoTaskMemFree (pv=0x1c08ac60) [0278.858] GetForegroundWindow () returned 0x10080 [0278.858] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0278.858] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0278.859] CoTaskMemFree (pv=0x1c08a420) [0278.859] GetForegroundWindow () returned 0x100d4 [0278.860] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0278.860] EnumProcesses (in: lpidProcess=0x28cdc00, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28cdc00, lpcbNeeded=0x1c36f3d0) returned 1 [0278.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0278.861] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0278.861] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0278.861] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0278.861] CoTaskMemFree (pv=0x1c089df0) [0278.975] GetForegroundWindow () returned 0x10080 [0278.975] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0278.975] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0278.976] CoTaskMemFree (pv=0x1c08aa50) [0278.977] GetForegroundWindow () returned 0x10080 [0278.977] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0278.977] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0278.977] CoTaskMemFree (pv=0x1c08a000) [0279.103] GetForegroundWindow () returned 0x10080 [0279.103] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0279.103] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0279.103] CoTaskMemFree (pv=0x1c0893a0) [0279.104] GetForegroundWindow () returned 0x10080 [0279.104] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0279.104] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0279.104] CoTaskMemFree (pv=0x1c08a000) [0279.225] GetForegroundWindow () returned 0x100d4 [0279.225] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0279.225] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.226] CoTaskMemFree (pv=0x1c089190) [0279.226] GetForegroundWindow () returned 0x10080 [0279.226] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.227] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0279.227] CoTaskMemFree (pv=0x1c08a210) [0279.350] GetForegroundWindow () returned 0x10080 [0279.350] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0279.350] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0279.351] CoTaskMemFree (pv=0x1c08a630) [0279.352] GetForegroundWindow () returned 0x10080 [0279.352] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0279.352] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0279.352] CoTaskMemFree (pv=0x1c088f80) [0279.476] GetForegroundWindow () returned 0x10080 [0279.476] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0279.476] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0279.477] CoTaskMemFree (pv=0x1c08a210) [0279.478] GetForegroundWindow () returned 0x100d4 [0279.478] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0279.478] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.478] CoTaskMemFree (pv=0x1c089df0) [0279.608] GetForegroundWindow () returned 0x10080 [0279.608] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0279.608] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0279.608] CoTaskMemFree (pv=0x1c0895b0) [0279.609] GetForegroundWindow () returned 0x10080 [0279.609] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0279.609] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0279.609] CoTaskMemFree (pv=0x1c0893a0) [0279.725] GetForegroundWindow () returned 0x10080 [0279.725] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0279.725] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0279.726] CoTaskMemFree (pv=0x1c089be0) [0279.727] GetForegroundWindow () returned 0x10080 [0279.727] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0279.727] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0279.727] CoTaskMemFree (pv=0x1c08a630) [0279.944] GetForegroundWindow () returned 0x100d4 [0279.945] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0279.945] EnumProcesses (in: lpidProcess=0x27ce890, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27ce890, lpcbNeeded=0x1c36f3e0) returned 1 [0279.947] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xf378) returned 0x0 [0279.949] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0279.949] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0279.949] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0279.949] CoTaskMemFree (pv=0x1c08a630) [0279.950] GetForegroundWindow () returned 0x10080 [0279.951] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0279.951] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0279.951] CoTaskMemFree (pv=0x1c08a420) [0280.089] GetForegroundWindow () returned 0x10080 [0280.089] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0280.089] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0280.089] CoTaskMemFree (pv=0x1c08a210) [0280.090] GetForegroundWindow () returned 0x10080 [0280.090] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0280.091] EnumProcesses (in: lpidProcess=0x28276d0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28276d0, lpcbNeeded=0x1c36f3d0) returned 1 [0280.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xf378) returned 0x0 [0280.095] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.095] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0280.095] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0280.095] CoTaskMemFree (pv=0x1c0897c0) [0280.258] GetForegroundWindow () returned 0x10080 [0280.258] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0280.258] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0280.258] CoTaskMemFree (pv=0x1c08aa50) [0280.259] GetForegroundWindow () returned 0x100d4 [0280.259] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0280.259] EnumProcesses (in: lpidProcess=0x2845720, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2845720, lpcbNeeded=0x1c36f3d0) returned 1 [0280.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf378) returned 0x0 [0280.263] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.263] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0280.263] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.263] CoTaskMemFree (pv=0x1c08a420) [0280.383] GetForegroundWindow () returned 0x10080 [0280.385] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0280.385] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0280.386] CoTaskMemFree (pv=0x1c08a210) [0280.387] GetForegroundWindow () returned 0x10080 [0280.387] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0280.387] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0280.387] CoTaskMemFree (pv=0x1c08aa50) [0280.523] GetForegroundWindow () returned 0x10080 [0280.526] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0280.526] EnumProcesses (in: lpidProcess=0x27c21a8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c21a8, lpcbNeeded=0x1c36f3e0) returned 1 [0280.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf378) returned 0x0 [0280.528] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.528] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0280.528] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0280.528] CoTaskMemFree (pv=0x1c0897c0) [0280.530] GetForegroundWindow () returned 0x10080 [0280.530] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0280.530] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0280.530] CoTaskMemFree (pv=0x1c089190) [0280.651] GetForegroundWindow () returned 0x100d4 [0280.651] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0280.651] EnumProcesses (in: lpidProcess=0x27e09c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e09c8, lpcbNeeded=0x1c36f3e0) returned 1 [0280.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xf378) returned 0x0 [0280.653] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.653] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0280.653] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.653] CoTaskMemFree (pv=0x1c0897c0) [0280.655] GetForegroundWindow () returned 0x10080 [0280.655] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0280.655] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0280.655] CoTaskMemFree (pv=0x1c089be0) [0280.773] GetForegroundWindow () returned 0x10080 [0280.774] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0280.774] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0280.776] CoTaskMemFree (pv=0x1c08a840) [0280.777] GetForegroundWindow () returned 0x10080 [0280.778] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0280.778] EnumProcesses (in: lpidProcess=0x2839808, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2839808, lpcbNeeded=0x1c36f3d0) returned 1 [0280.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0280.779] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0280.780] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0280.780] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0280.780] CoTaskMemFree (pv=0x1c0893a0) [0280.898] GetForegroundWindow () returned 0x10080 [0280.898] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0280.898] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0280.901] CoTaskMemFree (pv=0x1c08a000) [0280.902] GetForegroundWindow () returned 0x100d4 [0280.902] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0280.902] EnumProcesses (in: lpidProcess=0x28577b0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28577b0, lpcbNeeded=0x1c36f3d0) returned 1 [0280.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf1e8) returned 0x0 [0280.904] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0280.904] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0280.904] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0280.905] CoTaskMemFree (pv=0x1c08ac60) [0281.024] GetForegroundWindow () returned 0x10080 [0281.024] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0281.024] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0281.024] CoTaskMemFree (pv=0x1c08a630) [0281.025] GetForegroundWindow () returned 0x10080 [0281.026] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0281.026] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0281.026] CoTaskMemFree (pv=0x1c089df0) [0281.149] GetForegroundWindow () returned 0x10080 [0281.149] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0281.149] EnumProcesses (in: lpidProcess=0x28b01c0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28b01c0, lpcbNeeded=0x1c36f3e0) returned 1 [0281.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf198) returned 0x0 [0281.151] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0281.151] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0281.151] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0281.151] CoTaskMemFree (pv=0x1c089be0) [0281.152] GetForegroundWindow () returned 0x10080 [0281.152] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0281.153] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0281.153] CoTaskMemFree (pv=0x1c08a000) [0281.359] GetForegroundWindow () returned 0x100d4 [0281.359] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0281.359] EnumProcesses (in: lpidProcess=0x28cdeb0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28cdeb0, lpcbNeeded=0x1c36f3e0) returned 1 [0281.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xf198) returned 0x0 [0281.363] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0281.363] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0281.363] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0281.364] CoTaskMemFree (pv=0x1c08a210) [0281.365] GetForegroundWindow () returned 0x10080 [0281.365] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0281.365] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0281.365] CoTaskMemFree (pv=0x1c0893a0) [0281.494] GetForegroundWindow () returned 0x10080 [0281.494] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0281.494] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0281.494] CoTaskMemFree (pv=0x1c08a630) [0281.495] GetForegroundWindow () returned 0x10080 [0281.495] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0281.495] EnumProcesses (in: lpidProcess=0x2926318, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2926318, lpcbNeeded=0x1c36f3d0) returned 1 [0281.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12881078, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0281.497] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0281.497] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0281.497] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0281.498] CoTaskMemFree (pv=0x1c08a210) [0281.617] GetForegroundWindow () returned 0x10080 [0281.617] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0281.617] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0281.618] CoTaskMemFree (pv=0x1c089be0) [0281.618] GetForegroundWindow () returned 0x100d4 [0281.619] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0281.619] EnumProcesses (in: lpidProcess=0x2944008, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2944008, lpcbNeeded=0x1c36f3d0) returned 1 [0281.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0281.620] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0281.620] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0281.620] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0281.622] CoTaskMemFree (pv=0x1c088f80) [0281.742] GetForegroundWindow () returned 0x10080 [0281.742] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0281.742] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0281.742] CoTaskMemFree (pv=0x1c08a210) [0281.743] GetForegroundWindow () returned 0x10080 [0281.743] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0281.743] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0281.743] CoTaskMemFree (pv=0x1c08ac60) [0281.853] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0281.945] GetForegroundWindow () returned 0x10080 [0281.945] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0281.945] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0281.945] CoTaskMemFree (pv=0x1c08a210) [0281.946] GetForegroundWindow () returned 0x10080 [0281.946] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0281.946] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0281.946] CoTaskMemFree (pv=0x1c0899d0) [0282.070] GetForegroundWindow () returned 0x100d4 [0282.070] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0282.070] EnumProcesses (in: lpidProcess=0x27e9f90, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e9f90, lpcbNeeded=0x1c36f3e0) returned 1 [0282.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf198) returned 0x0 [0282.080] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.081] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0282.081] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089190, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.081] CoTaskMemFree (pv=0x1c089190) [0282.082] GetForegroundWindow () returned 0x10080 [0282.082] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0282.082] EnumProcesses (in: lpidProcess=0x2807480, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2807480, lpcbNeeded=0x1c36f3d0) returned 1 [0282.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0282.087] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.087] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0282.087] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0282.087] CoTaskMemFree (pv=0x1c089be0) [0282.211] GetForegroundWindow () returned 0x10080 [0282.211] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0282.211] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0282.211] CoTaskMemFree (pv=0x1c08a840) [0282.212] GetForegroundWindow () returned 0x10080 [0282.212] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0282.212] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0282.213] CoTaskMemFree (pv=0x1c0893a0) [0282.336] GetForegroundWindow () returned 0x10080 [0282.336] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0282.336] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0282.336] CoTaskMemFree (pv=0x1c088f80) [0282.337] GetForegroundWindow () returned 0x100d4 [0282.337] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0282.337] EnumProcesses (in: lpidProcess=0x2842e60, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2842e60, lpcbNeeded=0x1c36f3d0) returned 1 [0282.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf0a8) returned 0x0 [0282.344] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.344] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0282.344] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.344] CoTaskMemFree (pv=0x1c08a630) [0282.492] GetForegroundWindow () returned 0x10080 [0282.492] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0282.492] EnumProcesses (in: lpidProcess=0x27c1558, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1558, lpcbNeeded=0x1c36f3e0) returned 1 [0282.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0282.494] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.494] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0282.494] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0282.494] CoTaskMemFree (pv=0x1c08a210) [0282.495] GetForegroundWindow () returned 0x10080 [0282.495] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0282.495] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0282.495] CoTaskMemFree (pv=0x1c088f80) [0282.617] GetForegroundWindow () returned 0x10080 [0282.617] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0282.617] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0282.617] CoTaskMemFree (pv=0x1c08a210) [0282.618] GetForegroundWindow () returned 0x10080 [0282.618] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0282.618] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0282.618] CoTaskMemFree (pv=0x1c0893a0) [0282.742] GetForegroundWindow () returned 0x100d4 [0282.742] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0282.742] EnumProcesses (in: lpidProcess=0x27fca80, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fca80, lpcbNeeded=0x1c36f3e0) returned 1 [0282.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0282.744] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.744] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0282.744] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.744] CoTaskMemFree (pv=0x1c08aa50) [0282.745] GetForegroundWindow () returned 0x10080 [0282.746] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0282.746] EnumProcesses (in: lpidProcess=0x2819910, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2819910, lpcbNeeded=0x1c36f3d0) returned 1 [0282.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0282.747] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0282.747] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0282.747] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0282.747] CoTaskMemFree (pv=0x1c08a840) [0282.869] GetForegroundWindow () returned 0x10080 [0282.869] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0282.869] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0282.869] CoTaskMemFree (pv=0x1c089190) [0282.870] GetForegroundWindow () returned 0x10080 [0282.870] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0282.870] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0282.870] CoTaskMemFree (pv=0x1c08aa50) [0282.993] GetForegroundWindow () returned 0x10080 [0282.994] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0282.994] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0282.994] CoTaskMemFree (pv=0x1c0895b0) [0282.995] GetForegroundWindow () returned 0x100d4 [0282.995] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0282.995] EnumProcesses (in: lpidProcess=0x28546a8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28546a8, lpcbNeeded=0x1c36f3d0) returned 1 [0282.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0282.997] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0282.997] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0282.997] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0282.997] CoTaskMemFree (pv=0x1c08a630) [0283.117] GetForegroundWindow () returned 0x10080 [0283.118] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0283.118] EnumProcesses (in: lpidProcess=0x28ab248, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ab248, lpcbNeeded=0x1c36f3e0) returned 1 [0283.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0283.119] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.120] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0283.120] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0283.120] CoTaskMemFree (pv=0x1c08aa50) [0283.121] GetForegroundWindow () returned 0x10080 [0283.121] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0283.121] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0283.121] CoTaskMemFree (pv=0x1c08a210) [0283.295] GetForegroundWindow () returned 0x10080 [0283.295] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0283.295] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0283.295] CoTaskMemFree (pv=0x1c08a000) [0283.296] GetForegroundWindow () returned 0x10080 [0283.296] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0283.297] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0283.297] CoTaskMemFree (pv=0x1c08a840) [0283.430] GetForegroundWindow () returned 0x100d4 [0283.430] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0283.430] EnumProcesses (in: lpidProcess=0x28e5f78, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28e5f78, lpcbNeeded=0x1c36f3e0) returned 1 [0283.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0283.431] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0283.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0283.432] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0283.432] CoTaskMemFree (pv=0x1c08a420) [0283.433] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x209e9)) returned 1 [0283.433] GetForegroundWindow () returned 0x10080 [0283.433] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0283.434] EnumProcesses (in: lpidProcess=0x2902e50, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2902e50, lpcbNeeded=0x1c36f3d0) returned 1 [0283.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0283.441] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.441] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0283.441] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0283.441] CoTaskMemFree (pv=0x1c089be0) [0283.570] GetForegroundWindow () returned 0x10080 [0283.570] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0283.570] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0283.571] CoTaskMemFree (pv=0x1c08a630) [0283.572] GetForegroundWindow () returned 0x10080 [0283.572] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0283.572] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0283.572] CoTaskMemFree (pv=0x1c0895b0) [0283.695] GetForegroundWindow () returned 0x10080 [0283.695] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0283.695] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0283.696] CoTaskMemFree (pv=0x1c089df0) [0283.697] GetForegroundWindow () returned 0x100d4 [0283.697] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0283.697] EnumProcesses (in: lpidProcess=0x293db70, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x293db70, lpcbNeeded=0x1c36f3d0) returned 1 [0283.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0283.698] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0283.699] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0283.699] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0283.699] CoTaskMemFree (pv=0x1c0899d0) [0283.820] GetForegroundWindow () returned 0x10080 [0283.820] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0283.820] EnumProcesses (in: lpidProcess=0x2994710, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2994710, lpcbNeeded=0x1c36f3e0) returned 1 [0283.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0283.840] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0283.840] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0283.840] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0283.840] CoTaskMemFree (pv=0x1c0899d0) [0283.842] GetForegroundWindow () returned 0x10080 [0283.842] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0283.842] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0283.842] CoTaskMemFree (pv=0x1c0895b0) [0283.961] GetForegroundWindow () returned 0x10080 [0283.961] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0283.961] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0283.961] CoTaskMemFree (pv=0x1c088f80) [0283.962] GetForegroundWindow () returned 0x10080 [0283.962] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0283.963] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0283.963] CoTaskMemFree (pv=0x1c0899d0) [0284.086] GetForegroundWindow () returned 0x100d4 [0284.086] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0284.086] EnumProcesses (in: lpidProcess=0x27e4378, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e4378, lpcbNeeded=0x1c36f3e0) returned 1 [0284.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0284.090] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.090] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0284.090] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.090] CoTaskMemFree (pv=0x1c08a630) [0284.091] GetForegroundWindow () returned 0x10080 [0284.092] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0284.092] EnumProcesses (in: lpidProcess=0x2801208, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2801208, lpcbNeeded=0x1c36f3d0) returned 1 [0284.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0284.095] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.096] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0284.096] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0284.096] CoTaskMemFree (pv=0x1c089df0) [0284.211] GetForegroundWindow () returned 0x10080 [0284.211] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0284.211] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0284.211] CoTaskMemFree (pv=0x1c0897c0) [0284.212] GetForegroundWindow () returned 0x10080 [0284.213] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0284.213] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0284.213] CoTaskMemFree (pv=0x1c0895b0) [0284.398] GetForegroundWindow () returned 0x10080 [0284.399] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0284.399] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0284.399] CoTaskMemFree (pv=0x1c0897c0) [0284.400] GetForegroundWindow () returned 0x100d4 [0284.400] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0284.400] EnumProcesses (in: lpidProcess=0x283bf28, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283bf28, lpcbNeeded=0x1c36f3d0) returned 1 [0284.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0284.405] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.405] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0284.406] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.406] CoTaskMemFree (pv=0x1c08a210) [0284.539] GetForegroundWindow () returned 0x10080 [0284.539] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0284.539] EnumProcesses (in: lpidProcess=0x27c1558, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1558, lpcbNeeded=0x1c36f3e0) returned 1 [0284.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0284.541] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.541] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0284.541] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0284.541] CoTaskMemFree (pv=0x1c08aa50) [0284.543] GetForegroundWindow () returned 0x10080 [0284.543] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0284.543] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0284.543] CoTaskMemFree (pv=0x1c08aa50) [0284.680] GetForegroundWindow () returned 0x10080 [0284.680] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0284.680] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0284.680] CoTaskMemFree (pv=0x1c089be0) [0284.681] GetForegroundWindow () returned 0x10080 [0284.681] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0284.681] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0284.682] CoTaskMemFree (pv=0x1c08ac60) [0284.805] GetForegroundWindow () returned 0x100d4 [0284.805] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0284.805] EnumProcesses (in: lpidProcess=0x27fca68, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fca68, lpcbNeeded=0x1c36f3e0) returned 1 [0284.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0284.807] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0284.807] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0284.807] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0284.807] CoTaskMemFree (pv=0x1c08aa50) [0284.808] GetForegroundWindow () returned 0x10080 [0284.808] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0284.809] EnumProcesses (in: lpidProcess=0x28198f8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28198f8, lpcbNeeded=0x1c36f3d0) returned 1 [0284.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0284.810] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0284.810] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0284.810] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0284.810] CoTaskMemFree (pv=0x1c089df0) [0284.992] GetForegroundWindow () returned 0x10080 [0284.992] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0284.992] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0284.993] CoTaskMemFree (pv=0x1c0895b0) [0284.994] GetForegroundWindow () returned 0x10080 [0284.994] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0284.994] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0284.994] CoTaskMemFree (pv=0x1c0897c0) [0285.117] GetForegroundWindow () returned 0x10080 [0285.117] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0285.117] EnumProcesses (in: lpidProcess=0x2871520, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2871520, lpcbNeeded=0x1c36f3e0) returned 1 [0285.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0285.126] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0285.126] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0285.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0285.127] CoTaskMemFree (pv=0x1c0893a0) [0285.128] GetForegroundWindow () returned 0x100d4 [0285.128] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0285.128] EnumProcesses (in: lpidProcess=0x288e3a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x288e3a0, lpcbNeeded=0x1c36f3d0) returned 1 [0285.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0285.130] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0285.130] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0285.130] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.130] CoTaskMemFree (pv=0x1c08a630) [0285.473] GetForegroundWindow () returned 0x10080 [0285.473] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0285.473] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0285.475] CoTaskMemFree (pv=0x1c08a000) [0285.478] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x209e9)) returned 1 [0285.480] GetForegroundWindow () returned 0x10080 [0285.480] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0285.480] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0285.481] CoTaskMemFree (pv=0x1c0899d0) [0285.615] GetForegroundWindow () returned 0x10080 [0285.615] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0285.615] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0285.615] CoTaskMemFree (pv=0x1c0895b0) [0285.617] GetForegroundWindow () returned 0x10080 [0285.617] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0285.617] EnumProcesses (in: lpidProcess=0x28e5f70, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28e5f70, lpcbNeeded=0x1c36f3d0) returned 1 [0285.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12841018, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0285.626] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0285.627] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0285.627] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0285.627] CoTaskMemFree (pv=0x1c08a420) [0285.754] GetForegroundWindow () returned 0x100d4 [0285.755] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0285.755] EnumProcesses (in: lpidProcess=0x2903350, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2903350, lpcbNeeded=0x1c36f3e0) returned 1 [0285.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12861048, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0285.757] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0285.757] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0285.757] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.757] CoTaskMemFree (pv=0x1c08ac60) [0285.758] GetForegroundWindow () returned 0x10080 [0285.758] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0285.758] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0285.758] CoTaskMemFree (pv=0x1c0899d0) [0285.878] GetForegroundWindow () returned 0x10080 [0285.878] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0285.878] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0285.879] CoTaskMemFree (pv=0x1c088f80) [0285.880] GetForegroundWindow () returned 0x10080 [0285.880] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0285.880] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0285.880] CoTaskMemFree (pv=0x1c0895b0) [0285.941] GetForegroundWindow () returned 0x10080 [0285.941] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0285.941] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0285.941] CoTaskMemFree (pv=0x1c08a000) [0285.944] GetForegroundWindow () returned 0x100d4 [0285.945] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0285.945] EnumProcesses (in: lpidProcess=0x293de48, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x293de48, lpcbNeeded=0x1c36f3d0) returned 1 [0285.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0285.946] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0285.946] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0285.946] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0285.947] CoTaskMemFree (pv=0x1c0897c0) [0286.066] GetForegroundWindow () returned 0x10080 [0286.066] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0286.066] EnumProcesses (in: lpidProcess=0x29949e8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x29949e8, lpcbNeeded=0x1c36f3e0) returned 1 [0286.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0286.083] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.084] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0286.084] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0286.084] CoTaskMemFree (pv=0x1c089190) [0286.085] GetForegroundWindow () returned 0x10080 [0286.085] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0286.085] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0286.085] CoTaskMemFree (pv=0x1c08ac60) [0286.206] GetForegroundWindow () returned 0x10080 [0286.207] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0286.207] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0286.207] CoTaskMemFree (pv=0x1c089190) [0286.208] GetForegroundWindow () returned 0x10080 [0286.208] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0286.208] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0286.208] CoTaskMemFree (pv=0x1c089190) [0286.469] GetForegroundWindow () returned 0x100d4 [0286.469] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0286.470] EnumProcesses (in: lpidProcess=0x27e45a0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e45a0, lpcbNeeded=0x1c36f3e0) returned 1 [0286.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0286.474] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0286.474] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0286.475] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0286.475] CoTaskMemFree (pv=0x1c08ac60) [0286.476] GetForegroundWindow () returned 0x10080 [0286.476] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0286.476] EnumProcesses (in: lpidProcess=0x2801430, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2801430, lpcbNeeded=0x1c36f3d0) returned 1 [0286.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0286.481] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.481] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0286.481] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0286.481] CoTaskMemFree (pv=0x1c0897c0) [0286.623] GetForegroundWindow () returned 0x10080 [0286.624] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0286.624] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0286.624] CoTaskMemFree (pv=0x1c089be0) [0286.625] GetForegroundWindow () returned 0x10080 [0286.625] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0286.625] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0286.625] CoTaskMemFree (pv=0x1c08a840) [0286.741] GetForegroundWindow () returned 0x10080 [0286.741] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0286.741] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0286.741] CoTaskMemFree (pv=0x1c0899d0) [0286.743] GetForegroundWindow () returned 0x100d4 [0286.743] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0286.743] EnumProcesses (in: lpidProcess=0x283c150, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283c150, lpcbNeeded=0x1c36f3d0) returned 1 [0286.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0286.748] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0286.748] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0286.748] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0286.749] CoTaskMemFree (pv=0x1c0899d0) [0286.881] GetForegroundWindow () returned 0x10080 [0286.881] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0286.881] EnumProcesses (in: lpidProcess=0x27c1548, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1548, lpcbNeeded=0x1c36f3e0) returned 1 [0286.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0286.883] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0286.884] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0286.884] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0286.884] CoTaskMemFree (pv=0x1c089190) [0286.885] GetForegroundWindow () returned 0x10080 [0286.885] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0286.885] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0286.885] CoTaskMemFree (pv=0x1c08a000) [0287.006] GetForegroundWindow () returned 0x10080 [0287.006] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0287.006] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0287.007] CoTaskMemFree (pv=0x1c08a000) [0287.008] GetForegroundWindow () returned 0x10080 [0287.008] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0287.008] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0287.008] CoTaskMemFree (pv=0x1c08aa50) [0287.131] GetForegroundWindow () returned 0x100d4 [0287.131] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0287.132] EnumProcesses (in: lpidProcess=0x27fcc30, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fcc30, lpcbNeeded=0x1c36f3e0) returned 1 [0287.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0287.133] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.133] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0287.133] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.134] CoTaskMemFree (pv=0x1c0893a0) [0287.135] GetForegroundWindow () returned 0x10080 [0287.135] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0287.135] EnumProcesses (in: lpidProcess=0x2819ac0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2819ac0, lpcbNeeded=0x1c36f3d0) returned 1 [0287.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0287.136] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.136] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0287.136] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0287.137] CoTaskMemFree (pv=0x1c089df0) [0287.256] GetForegroundWindow () returned 0x10080 [0287.256] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0287.256] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0287.257] CoTaskMemFree (pv=0x1c08aa50) [0287.258] GetForegroundWindow () returned 0x10080 [0287.258] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0287.258] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0287.258] CoTaskMemFree (pv=0x1c089df0) [0287.475] GetForegroundWindow () returned 0x10080 [0287.475] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0287.475] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0287.476] CoTaskMemFree (pv=0x1c0897c0) [0287.477] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x209e9)) returned 1 [0287.478] GetForegroundWindow () returned 0x100d4 [0287.478] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0287.478] EnumProcesses (in: lpidProcess=0x2854828, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2854828, lpcbNeeded=0x1c36f3d0) returned 1 [0287.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0287.486] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.486] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0287.486] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.487] CoTaskMemFree (pv=0x1c08a000) [0287.626] GetForegroundWindow () returned 0x10080 [0287.626] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0287.626] EnumProcesses (in: lpidProcess=0x28ab3c8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ab3c8, lpcbNeeded=0x1c36f3e0) returned 1 [0287.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0287.628] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.628] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0287.628] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0287.628] CoTaskMemFree (pv=0x1c08a210) [0287.630] GetForegroundWindow () returned 0x10080 [0287.630] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0287.630] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0287.630] CoTaskMemFree (pv=0x1c089be0) [0287.756] GetForegroundWindow () returned 0x10080 [0287.756] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0287.756] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0287.756] CoTaskMemFree (pv=0x1c08a000) [0287.757] GetForegroundWindow () returned 0x10080 [0287.757] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0287.757] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0287.758] CoTaskMemFree (pv=0x1c089190) [0287.881] GetForegroundWindow () returned 0x100d4 [0287.881] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0287.882] EnumProcesses (in: lpidProcess=0x28e60f8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28e60f8, lpcbNeeded=0x1c36f3e0) returned 1 [0287.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0287.883] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0287.883] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0287.883] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0287.883] CoTaskMemFree (pv=0x1c08a420) [0287.885] GetForegroundWindow () returned 0x10080 [0287.885] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0287.885] EnumProcesses (in: lpidProcess=0x2902f88, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2902f88, lpcbNeeded=0x1c36f3d0) returned 1 [0287.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0287.886] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0287.886] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0287.886] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0287.886] CoTaskMemFree (pv=0x1c088f80) [0288.007] GetForegroundWindow () returned 0x10080 [0288.007] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0288.007] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0288.007] CoTaskMemFree (pv=0x1c08a630) [0288.008] GetForegroundWindow () returned 0x10080 [0288.009] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0288.009] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0288.009] CoTaskMemFree (pv=0x1c089df0) [0288.132] GetForegroundWindow () returned 0x10080 [0288.132] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0288.132] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0288.132] CoTaskMemFree (pv=0x1c089190) [0288.133] GetForegroundWindow () returned 0x100d4 [0288.133] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0288.134] EnumProcesses (in: lpidProcess=0x293dd20, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x293dd20, lpcbNeeded=0x1c36f3d0) returned 1 [0288.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf058) returned 0x0 [0288.135] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0288.135] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0288.135] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0288.136] CoTaskMemFree (pv=0x1c0897c0) [0288.257] GetForegroundWindow () returned 0x10080 [0288.257] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0288.257] EnumProcesses (in: lpidProcess=0x29948c0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x29948c0, lpcbNeeded=0x1c36f3e0) returned 1 [0288.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf058) returned 0x0 [0288.432] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0288.432] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0288.432] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0288.432] CoTaskMemFree (pv=0x1c08a840) [0288.433] GetForegroundWindow () returned 0x10080 [0288.433] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0288.433] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0288.434] CoTaskMemFree (pv=0x1c08ac60) [0288.554] GetForegroundWindow () returned 0x10080 [0288.554] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0288.554] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0288.554] CoTaskMemFree (pv=0x1c08a840) [0288.555] GetForegroundWindow () returned 0x10080 [0288.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0288.556] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0288.556] CoTaskMemFree (pv=0x1c08a420) [0288.710] GetForegroundWindow () returned 0x100d4 [0288.710] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0288.710] EnumProcesses (in: lpidProcess=0x27e45a0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e45a0, lpcbNeeded=0x1c36f3e0) returned 1 [0288.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xf0a8) returned 0x0 [0288.715] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0288.715] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0288.715] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0288.715] CoTaskMemFree (pv=0x1c0895b0) [0288.716] GetForegroundWindow () returned 0x10080 [0288.717] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0288.717] EnumProcesses (in: lpidProcess=0x28014c0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28014c0, lpcbNeeded=0x1c36f3d0) returned 1 [0288.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf0a8) returned 0x0 [0288.721] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0288.721] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0288.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0288.721] CoTaskMemFree (pv=0x1c08a210) [0288.890] GetForegroundWindow () returned 0x10080 [0288.890] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0288.890] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0288.890] CoTaskMemFree (pv=0x1c08aa50) [0288.891] GetForegroundWindow () returned 0x10080 [0288.891] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0288.891] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0288.891] CoTaskMemFree (pv=0x1c0893a0) [0289.392] GetForegroundWindow () returned 0x10080 [0289.392] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0289.392] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0289.392] CoTaskMemFree (pv=0x1c08a000) [0289.393] GetForegroundWindow () returned 0x100d4 [0289.393] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0289.394] EnumProcesses (in: lpidProcess=0x283c378, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x283c378, lpcbNeeded=0x1c36f3d0) returned 1 [0289.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0289.399] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0289.399] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0289.399] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0289.399] CoTaskMemFree (pv=0x1c0893a0) [0289.536] GetForegroundWindow () returned 0x10080 [0289.537] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0289.537] EnumProcesses (in: lpidProcess=0x27c1a68, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1a68, lpcbNeeded=0x1c36f3e0) returned 1 [0289.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0289.539] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0289.539] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0289.539] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0289.539] CoTaskMemFree (pv=0x1c08a420) [0289.540] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x209e9)) returned 1 [0289.541] GetForegroundWindow () returned 0x10080 [0289.541] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0289.541] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0289.541] CoTaskMemFree (pv=0x1c089df0) [0290.376] GetForegroundWindow () returned 0x10080 [0290.376] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0290.376] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0290.376] CoTaskMemFree (pv=0x1c0895b0) [0290.377] GetForegroundWindow () returned 0x10080 [0290.377] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0290.377] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0290.377] CoTaskMemFree (pv=0x1c08a000) [0290.501] GetForegroundWindow () returned 0x100d4 [0290.501] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0290.502] EnumProcesses (in: lpidProcess=0x27fdcd0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fdcd0, lpcbNeeded=0x1c36f3e0) returned 1 [0290.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0290.509] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0290.509] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0290.509] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0290.509] CoTaskMemFree (pv=0x1c08aa50) [0290.510] GetForegroundWindow () returned 0x10080 [0290.510] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0290.510] EnumProcesses (in: lpidProcess=0x281b080, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281b080, lpcbNeeded=0x1c36f3d0) returned 1 [0290.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0290.513] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0290.514] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0290.514] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0290.514] CoTaskMemFree (pv=0x1c089df0) [0290.665] GetForegroundWindow () returned 0x10080 [0290.665] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0290.665] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0290.665] CoTaskMemFree (pv=0x1c089df0) [0290.666] GetForegroundWindow () returned 0x10080 [0290.667] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0290.667] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0290.667] CoTaskMemFree (pv=0x1c08a210) [0290.797] GetForegroundWindow () returned 0x10080 [0290.797] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0290.797] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0290.797] CoTaskMemFree (pv=0x1c089190) [0290.798] GetForegroundWindow () returned 0x100d4 [0290.798] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0290.799] EnumProcesses (in: lpidProcess=0x28567e0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28567e0, lpcbNeeded=0x1c36f3d0) returned 1 [0290.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xf2d8) returned 0x0 [0290.808] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0290.809] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0290.809] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0290.809] CoTaskMemFree (pv=0x1c08a630) [0291.189] GetForegroundWindow () returned 0x10080 [0291.189] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0291.189] EnumProcesses (in: lpidProcess=0x28ae958, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ae958, lpcbNeeded=0x1c36f3e0) returned 1 [0291.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf2d8) returned 0x0 [0291.191] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0291.191] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0291.191] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0291.191] CoTaskMemFree (pv=0x1c088f80) [0291.192] GetForegroundWindow () returned 0x10080 [0291.193] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0291.193] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0291.193] CoTaskMemFree (pv=0x1c0893a0) [0292.065] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0292.067] GetForegroundWindow () returned 0x10080 [0292.067] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0292.067] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0292.067] CoTaskMemFree (pv=0x1c089df0) [0292.068] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x22f92)) returned 1 [0292.069] GetForegroundWindow () returned 0x10080 [0292.069] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0292.069] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0292.069] CoTaskMemFree (pv=0x1c08ac60) [0292.393] GetForegroundWindow () returned 0x100d4 [0292.393] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0292.393] EnumProcesses (in: lpidProcess=0x28ea128, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ea128, lpcbNeeded=0x1c36f3e0) returned 1 [0292.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xf1e8) returned 0x0 [0292.401] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0292.401] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0292.401] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0292.401] CoTaskMemFree (pv=0x1c088f80) [0292.402] GetForegroundWindow () returned 0x10080 [0292.402] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0292.402] EnumProcesses (in: lpidProcess=0x2907328, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2907328, lpcbNeeded=0x1c36f3d0) returned 1 [0292.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf1e8) returned 0x0 [0292.404] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0292.404] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0292.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0292.404] CoTaskMemFree (pv=0x1c08ac60) [0292.531] GetForegroundWindow () returned 0x10080 [0292.531] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0292.532] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0292.532] CoTaskMemFree (pv=0x1c08a420) [0292.533] GetForegroundWindow () returned 0x10080 [0292.533] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0292.533] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0292.534] CoTaskMemFree (pv=0x1c089be0) [0292.667] GetForegroundWindow () returned 0x10080 [0292.668] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0292.668] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0292.668] CoTaskMemFree (pv=0x1c0899d0) [0292.669] GetForegroundWindow () returned 0x100d4 [0292.669] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0292.669] EnumProcesses (in: lpidProcess=0x2942728, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2942728, lpcbNeeded=0x1c36f3d0) returned 1 [0292.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xf1e8) returned 0x0 [0292.671] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0292.671] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0292.672] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0292.672] CoTaskMemFree (pv=0x1c08aa50) [0292.800] GetForegroundWindow () returned 0x10080 [0292.800] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0292.800] EnumProcesses (in: lpidProcess=0x2999d18, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2999d18, lpcbNeeded=0x1c36f3e0) returned 1 [0292.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf1e8) returned 0x0 [0292.822] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0292.822] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0292.822] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0292.823] CoTaskMemFree (pv=0x1c08aa50) [0292.824] GetForegroundWindow () returned 0x10080 [0292.824] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0292.824] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0292.824] CoTaskMemFree (pv=0x1c08aa50) [0292.953] GetForegroundWindow () returned 0x10080 [0292.953] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0292.953] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0292.953] CoTaskMemFree (pv=0x1c0899d0) [0292.954] GetForegroundWindow () returned 0x10080 [0292.954] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0292.954] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0292.955] CoTaskMemFree (pv=0x1c0893a0) [0293.157] GetForegroundWindow () returned 0x100d4 [0293.158] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0293.158] EnumProcesses (in: lpidProcess=0x2805648, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2805648, lpcbNeeded=0x1c36f3e0) returned 1 [0293.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f380*=0xf1e8) returned 0x0 [0293.164] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0293.165] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0293.165] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0293.165] CoTaskMemFree (pv=0x1c08aa50) [0293.166] GetForegroundWindow () returned 0x10080 [0293.166] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0293.166] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0293.167] CoTaskMemFree (pv=0x1c088f80) [0293.448] GetForegroundWindow () returned 0x10080 [0293.448] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0293.448] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0293.448] CoTaskMemFree (pv=0x1c0893a0) [0293.450] GetForegroundWindow () returned 0x10080 [0293.450] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0293.450] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0293.450] CoTaskMemFree (pv=0x1c0895b0) [0293.581] GetForegroundWindow () returned 0x10080 [0293.581] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0293.581] EnumProcesses (in: lpidProcess=0x285d918, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285d918, lpcbNeeded=0x1c36f3e0) returned 1 [0293.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf198) returned 0x0 [0293.586] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0293.586] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0293.586] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0293.587] CoTaskMemFree (pv=0x1c0895b0) [0293.588] GetForegroundWindow () returned 0x100d4 [0293.588] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0293.588] EnumProcesses (in: lpidProcess=0x287aa78, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x287aa78, lpcbNeeded=0x1c36f3d0) returned 1 [0293.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0293.614] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0293.614] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0293.614] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0293.615] CoTaskMemFree (pv=0x1c089df0) [0293.734] GetForegroundWindow () returned 0x10080 [0293.734] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0293.734] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0293.735] CoTaskMemFree (pv=0x1c0895b0) [0293.736] GetForegroundWindow () returned 0x10080 [0293.736] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0293.736] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0293.736] CoTaskMemFree (pv=0x1c0899d0) [0293.875] GetForegroundWindow () returned 0x10080 [0293.875] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0293.875] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0293.875] CoTaskMemFree (pv=0x1c08a420) [0293.877] GetForegroundWindow () returned 0x10080 [0293.877] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0293.877] EnumProcesses (in: lpidProcess=0x27fcec8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27fcec8, lpcbNeeded=0x1c36f3d0) returned 1 [0293.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f370*=0xf198) returned 0x0 [0293.879] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0293.879] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0293.879] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0293.879] CoTaskMemFree (pv=0x1c089190) [0294.000] GetForegroundWindow () returned 0x100d4 [0294.000] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0294.000] EnumProcesses (in: lpidProcess=0x281a588, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x281a588, lpcbNeeded=0x1c36f3e0) returned 1 [0294.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f380*=0xf148) returned 0x0 [0294.002] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0294.002] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0294.002] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0294.003] CoTaskMemFree (pv=0x1c08ac60) [0294.004] GetForegroundWindow () returned 0x10080 [0294.004] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0294.004] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0294.004] CoTaskMemFree (pv=0x1c08a210) [0294.125] GetForegroundWindow () returned 0x10080 [0294.125] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0294.125] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0294.125] CoTaskMemFree (pv=0x1c08aa50) [0294.126] GetForegroundWindow () returned 0x10080 [0294.126] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0294.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0294.127] CoTaskMemFree (pv=0x1c08ac60) [0294.328] GetForegroundWindow () returned 0x10080 [0294.328] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0294.328] EnumProcesses (in: lpidProcess=0x2872648, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2872648, lpcbNeeded=0x1c36f3e0) returned 1 [0294.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf148) returned 0x0 [0294.330] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0294.331] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0294.331] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0294.331] CoTaskMemFree (pv=0x1c08aa50) [0294.332] GetForegroundWindow () returned 0x100d4 [0294.332] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0294.332] EnumProcesses (in: lpidProcess=0x288f718, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x288f718, lpcbNeeded=0x1c36f3d0) returned 1 [0294.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127e0b68, ResultLength=0x1c36f370*=0xf148) returned 0x0 [0294.334] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0294.335] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0294.335] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0294.335] CoTaskMemFree (pv=0x1c0893a0) [0294.463] GetForegroundWindow () returned 0x10080 [0294.463] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0294.463] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0294.464] CoTaskMemFree (pv=0x1c08a210) [0294.465] GetForegroundWindow () returned 0x10080 [0294.465] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0294.465] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0294.465] CoTaskMemFree (pv=0x1c08aa50) [0294.594] GetForegroundWindow () returned 0x10080 [0294.594] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0294.594] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0294.594] CoTaskMemFree (pv=0x1c089be0) [0294.595] GetForegroundWindow () returned 0x10080 [0294.595] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0294.596] EnumProcesses (in: lpidProcess=0x28e75f8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28e75f8, lpcbNeeded=0x1c36f3d0) returned 1 [0294.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12841018, ResultLength=0x1c36f370*=0xf0f8) returned 0x0 [0294.599] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0294.599] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0294.599] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0294.599] CoTaskMemFree (pv=0x1c089190) [0294.719] GetForegroundWindow () returned 0x100d4 [0294.719] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0294.719] EnumProcesses (in: lpidProcess=0x2904b98, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2904b98, lpcbNeeded=0x1c36f3e0) returned 1 [0294.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12861048, ResultLength=0x1c36f380*=0xf0f8) returned 0x0 [0294.722] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0294.723] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0294.723] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0294.723] CoTaskMemFree (pv=0x1c08a210) [0294.724] GetForegroundWindow () returned 0x10080 [0294.724] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0294.724] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0294.724] CoTaskMemFree (pv=0x1c0893a0) [0294.844] GetForegroundWindow () returned 0x10080 [0294.844] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0294.844] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0294.844] CoTaskMemFree (pv=0x1c08a420) [0294.845] GetForegroundWindow () returned 0x10080 [0294.846] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0294.846] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0294.846] CoTaskMemFree (pv=0x1c08ac60) [0295.094] GetForegroundWindow () returned 0x10080 [0295.094] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0295.095] EnumProcesses (in: lpidProcess=0x295f2e0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x295f2e0, lpcbNeeded=0x1c36f3e0) returned 1 [0295.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xf008) returned 0x0 [0295.104] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.104] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0295.104] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0295.105] CoTaskMemFree (pv=0x1c089be0) [0295.105] GetForegroundWindow () returned 0x100d4 [0295.105] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0295.106] EnumProcesses (in: lpidProcess=0x297c170, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x297c170, lpcbNeeded=0x1c36f3d0) returned 1 [0295.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f370*=0xf008) returned 0x0 [0295.108] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.108] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0295.108] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.108] CoTaskMemFree (pv=0x1c0893a0) [0295.250] GetForegroundWindow () returned 0x10080 [0295.252] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.252] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0295.252] CoTaskMemFree (pv=0x1c08aa50) [0295.261] GetForegroundWindow () returned 0x10080 [0295.261] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.261] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0295.262] CoTaskMemFree (pv=0x1c08aa50) [0295.390] GetForegroundWindow () returned 0x10080 [0295.391] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0295.391] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0295.391] CoTaskMemFree (pv=0x1c089df0) [0295.392] GetForegroundWindow () returned 0x10080 [0295.392] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0295.392] EnumProcesses (in: lpidProcess=0x27e71b0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e71b0, lpcbNeeded=0x1c36f3d0) returned 1 [0295.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f370*=0xf0a8) returned 0x0 [0295.403] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.404] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0295.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0295.404] CoTaskMemFree (pv=0x1c089be0) [0295.579] GetForegroundWindow () returned 0x100d4 [0295.580] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0295.580] EnumProcesses (in: lpidProcess=0x28049e0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28049e0, lpcbNeeded=0x1c36f3e0) returned 1 [0295.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f380*=0xf0a8) returned 0x0 [0295.590] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.591] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0295.591] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.591] CoTaskMemFree (pv=0x1c088f80) [0295.592] GetForegroundWindow () returned 0x10080 [0295.592] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0295.592] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0295.592] CoTaskMemFree (pv=0x1c08a210) [0295.720] GetForegroundWindow () returned 0x10080 [0295.721] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0295.721] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0295.721] CoTaskMemFree (pv=0x1c0899d0) [0295.722] GetForegroundWindow () returned 0x10080 [0295.722] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0295.722] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0295.722] CoTaskMemFree (pv=0x1c088f80) [0295.845] GetForegroundWindow () returned 0x10080 [0295.848] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0295.848] EnumProcesses (in: lpidProcess=0x285c4a0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x285c4a0, lpcbNeeded=0x1c36f3e0) returned 1 [0295.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf1e8) returned 0x0 [0295.853] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0295.853] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0295.853] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0295.854] CoTaskMemFree (pv=0x1c08aa50) [0295.855] GetForegroundWindow () returned 0x100d4 [0295.855] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0295.855] EnumProcesses (in: lpidProcess=0x28794d0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28794d0, lpcbNeeded=0x1c36f3d0) returned 1 [0295.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x126b6e90, ResultLength=0x1c36f370*=0xf1e8) returned 0x0 [0295.889] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0295.889] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0295.889] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0295.889] CoTaskMemFree (pv=0x1c089be0) [0296.032] GetForegroundWindow () returned 0x10080 [0296.033] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0296.033] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0296.033] CoTaskMemFree (pv=0x1c08a420) [0296.034] GetForegroundWindow () returned 0x10080 [0296.034] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0296.034] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0296.035] CoTaskMemFree (pv=0x1c0899d0) [0296.096] GetForegroundWindow () returned 0x10080 [0296.096] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0296.096] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0296.096] CoTaskMemFree (pv=0x1c08ac60) [0296.097] GetForegroundWindow () returned 0x10080 [0296.097] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0296.097] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0296.098] CoTaskMemFree (pv=0x1c089df0) [0296.220] GetForegroundWindow () returned 0x100d4 [0296.220] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0296.220] EnumProcesses (in: lpidProcess=0x27fd308, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fd308, lpcbNeeded=0x1c36f3e0) returned 1 [0296.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xf1e8) returned 0x0 [0296.223] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.224] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0296.224] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.224] CoTaskMemFree (pv=0x1c089be0) [0296.225] GetForegroundWindow () returned 0x10080 [0296.225] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0296.225] EnumProcesses (in: lpidProcess=0x281a348, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281a348, lpcbNeeded=0x1c36f3d0) returned 1 [0296.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf1e8) returned 0x0 [0296.228] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.228] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0296.229] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0296.229] CoTaskMemFree (pv=0x1c088f80) [0296.346] GetForegroundWindow () returned 0x10080 [0296.346] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0296.346] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0296.346] CoTaskMemFree (pv=0x1c089df0) [0296.347] GetForegroundWindow () returned 0x10080 [0296.347] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0296.347] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0296.348] CoTaskMemFree (pv=0x1c08aa50) [0296.475] GetForegroundWindow () returned 0x10080 [0296.475] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0296.475] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0296.475] CoTaskMemFree (pv=0x1c08a000) [0296.479] GetForegroundWindow () returned 0x100d4 [0296.479] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0296.479] EnumProcesses (in: lpidProcess=0x28553c8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28553c8, lpcbNeeded=0x1c36f3d0) returned 1 [0296.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0296.492] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.492] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0296.492] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.492] CoTaskMemFree (pv=0x1c08a630) [0296.610] GetForegroundWindow () returned 0x10080 [0296.610] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0296.611] EnumProcesses (in: lpidProcess=0x28aa780, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28aa780, lpcbNeeded=0x1c36f3e0) returned 1 [0296.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0296.612] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.612] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0296.612] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0296.612] CoTaskMemFree (pv=0x1c08aa50) [0296.613] GetForegroundWindow () returned 0x10080 [0296.613] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0296.613] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0296.614] CoTaskMemFree (pv=0x1c0893a0) [0296.748] GetForegroundWindow () returned 0x10080 [0296.748] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0296.748] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0296.748] CoTaskMemFree (pv=0x1c089df0) [0296.749] GetForegroundWindow () returned 0x10080 [0296.749] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0296.749] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0296.749] CoTaskMemFree (pv=0x1c08a210) [0296.873] GetForegroundWindow () returned 0x100d4 [0296.873] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0296.873] EnumProcesses (in: lpidProcess=0x28e44c0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28e44c0, lpcbNeeded=0x1c36f3e0) returned 1 [0296.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0296.875] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0296.875] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0296.875] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0296.875] CoTaskMemFree (pv=0x1c0899d0) [0296.876] GetForegroundWindow () returned 0x10080 [0296.877] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0296.877] EnumProcesses (in: lpidProcess=0x2900b58, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2900b58, lpcbNeeded=0x1c36f3d0) returned 1 [0296.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0296.878] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0296.878] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0296.878] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0296.878] CoTaskMemFree (pv=0x1c0899d0) [0297.008] GetForegroundWindow () returned 0x10080 [0297.008] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0297.008] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0297.008] CoTaskMemFree (pv=0x1c08a630) [0297.009] GetForegroundWindow () returned 0x10080 [0297.009] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0297.009] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0297.009] CoTaskMemFree (pv=0x1c0895b0) [0297.124] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0297.126] GetForegroundWindow () returned 0x10080 [0297.126] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0297.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0297.126] CoTaskMemFree (pv=0x1c089190) [0297.127] GetForegroundWindow () returned 0x100d4 [0297.127] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0297.128] EnumProcesses (in: lpidProcess=0x293aa50, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x293aa50, lpcbNeeded=0x1c36f3d0) returned 1 [0297.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0297.136] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.136] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0297.136] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.136] CoTaskMemFree (pv=0x1c0897c0) [0297.263] GetForegroundWindow () returned 0x10080 [0297.264] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0297.264] EnumProcesses (in: lpidProcess=0x298fe08, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x298fe08, lpcbNeeded=0x1c36f3e0) returned 1 [0297.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0297.281] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.281] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0297.281] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0297.281] CoTaskMemFree (pv=0x1c08a420) [0297.282] GetForegroundWindow () returned 0x10080 [0297.282] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0297.282] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0297.283] CoTaskMemFree (pv=0x1c08aa50) [0297.404] GetForegroundWindow () returned 0x10080 [0297.404] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0297.404] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0297.404] CoTaskMemFree (pv=0x1c08a840) [0297.405] GetForegroundWindow () returned 0x10080 [0297.405] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0297.405] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0297.405] CoTaskMemFree (pv=0x1c08aa50) [0297.529] GetForegroundWindow () returned 0x100d4 [0297.529] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0297.530] EnumProcesses (in: lpidProcess=0x27e0348, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27e0348, lpcbNeeded=0x1c36f3e0) returned 1 [0297.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0297.533] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.534] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0297.534] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.534] CoTaskMemFree (pv=0x1c08aa50) [0297.535] GetForegroundWindow () returned 0x10080 [0297.535] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0297.535] EnumProcesses (in: lpidProcess=0x27fc9e0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27fc9e0, lpcbNeeded=0x1c36f3d0) returned 1 [0297.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0297.538] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.538] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0297.538] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0297.538] CoTaskMemFree (pv=0x1c08a840) [0297.664] GetForegroundWindow () returned 0x10080 [0297.664] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0297.664] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0297.664] CoTaskMemFree (pv=0x1c089be0) [0297.665] GetForegroundWindow () returned 0x10080 [0297.666] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0297.666] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0297.666] CoTaskMemFree (pv=0x1c08a420) [0297.795] GetForegroundWindow () returned 0x10080 [0297.795] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0297.795] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0297.795] CoTaskMemFree (pv=0x1c089190) [0297.796] GetForegroundWindow () returned 0x100d4 [0297.796] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0297.797] EnumProcesses (in: lpidProcess=0x2836710, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2836710, lpcbNeeded=0x1c36f3d0) returned 1 [0297.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0297.800] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0297.800] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0297.800] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0297.800] CoTaskMemFree (pv=0x1c08a000) [0297.951] GetForegroundWindow () returned 0x10080 [0297.952] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0297.952] EnumProcesses (in: lpidProcess=0x27c1088, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1088, lpcbNeeded=0x1c36f3e0) returned 1 [0297.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0297.953] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0297.953] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0297.954] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0297.954] CoTaskMemFree (pv=0x1c0893a0) [0297.955] GetForegroundWindow () returned 0x10080 [0297.955] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0297.955] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0297.955] CoTaskMemFree (pv=0x1c089df0) [0298.076] GetForegroundWindow () returned 0x10080 [0298.076] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0298.077] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0298.077] CoTaskMemFree (pv=0x1c0895b0) [0298.078] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x22f92)) returned 1 [0298.079] GetForegroundWindow () returned 0x10080 [0298.079] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0298.079] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0298.079] CoTaskMemFree (pv=0x1c08a210) [0298.201] GetForegroundWindow () returned 0x100d4 [0298.202] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0298.202] EnumProcesses (in: lpidProcess=0x27fb630, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27fb630, lpcbNeeded=0x1c36f3e0) returned 1 [0298.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12740a78, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12740a78, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0298.211] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.211] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0298.211] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.212] CoTaskMemFree (pv=0x1c08aa50) [0298.213] GetForegroundWindow () returned 0x10080 [0298.213] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0298.213] EnumProcesses (in: lpidProcess=0x2817cc8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2817cc8, lpcbNeeded=0x1c36f3d0) returned 1 [0298.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0298.215] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.215] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0298.215] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0298.215] CoTaskMemFree (pv=0x1c089be0) [0298.342] GetForegroundWindow () returned 0x10080 [0298.342] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0298.342] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0298.343] CoTaskMemFree (pv=0x1c08aa50) [0298.344] GetForegroundWindow () returned 0x10080 [0298.344] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0298.344] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0298.344] CoTaskMemFree (pv=0x1c0897c0) [0298.466] GetForegroundWindow () returned 0x10080 [0298.467] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0298.467] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0298.467] CoTaskMemFree (pv=0x1c08a420) [0298.468] GetForegroundWindow () returned 0x100d4 [0298.468] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0298.468] EnumProcesses (in: lpidProcess=0x28519f8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28519f8, lpcbNeeded=0x1c36f3d0) returned 1 [0298.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0298.470] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.470] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0298.470] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.470] CoTaskMemFree (pv=0x1c0897c0) [0298.591] GetForegroundWindow () returned 0x10080 [0298.610] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0298.610] EnumProcesses (in: lpidProcess=0x28a6db0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28a6db0, lpcbNeeded=0x1c36f3e0) returned 1 [0298.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0298.616] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.617] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0298.617] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0298.618] CoTaskMemFree (pv=0x1c08a210) [0298.622] GetForegroundWindow () returned 0x10080 [0298.623] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0298.623] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0298.624] CoTaskMemFree (pv=0x1c0893a0) [0298.748] GetForegroundWindow () returned 0x10080 [0298.748] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0298.748] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0298.748] CoTaskMemFree (pv=0x1c08a210) [0298.749] GetForegroundWindow () returned 0x10080 [0298.749] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0298.749] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0298.749] CoTaskMemFree (pv=0x1c08a630) [0298.873] GetForegroundWindow () returned 0x100d4 [0298.873] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0298.873] EnumProcesses (in: lpidProcess=0x28e1168, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28e1168, lpcbNeeded=0x1c36f3e0) returned 1 [0298.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12841018, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0298.875] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0298.875] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0298.875] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0298.875] CoTaskMemFree (pv=0x1c08a630) [0298.876] GetForegroundWindow () returned 0x10080 [0298.876] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0298.877] EnumProcesses (in: lpidProcess=0x28fd800, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28fd800, lpcbNeeded=0x1c36f3d0) returned 1 [0298.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0298.878] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0298.878] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0298.878] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0298.878] CoTaskMemFree (pv=0x1c08a420) [0298.998] GetForegroundWindow () returned 0x10080 [0298.998] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0298.998] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0298.998] CoTaskMemFree (pv=0x1c08a000) [0298.999] GetForegroundWindow () returned 0x10080 [0299.000] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0299.000] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0299.000] CoTaskMemFree (pv=0x1c08ac60) [0299.123] GetForegroundWindow () returned 0x10080 [0299.123] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0299.123] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0299.123] CoTaskMemFree (pv=0x1c08a420) [0299.124] GetForegroundWindow () returned 0x100d4 [0299.124] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0299.124] EnumProcesses (in: lpidProcess=0x2937530, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2937530, lpcbNeeded=0x1c36f3d0) returned 1 [0299.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0299.126] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.126] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0299.126] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.126] CoTaskMemFree (pv=0x1c088f80) [0299.185] GetForegroundWindow () returned 0x10080 [0299.185] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0299.185] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0299.186] CoTaskMemFree (pv=0x1c08a000) [0299.187] GetForegroundWindow () returned 0x10080 [0299.187] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0299.187] EnumProcesses (in: lpidProcess=0x2953ef0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2953ef0, lpcbNeeded=0x1c36f3d0) returned 1 [0299.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0299.189] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.189] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0299.189] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0299.189] CoTaskMemFree (pv=0x1c0893a0) [0299.310] GetForegroundWindow () returned 0x10080 [0299.310] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0299.311] EnumProcesses (in: lpidProcess=0x298cec0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x298cec0, lpcbNeeded=0x1c36f3e0) returned 1 [0299.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0299.324] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.324] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0299.325] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0299.325] CoTaskMemFree (pv=0x1c08a000) [0299.326] GetForegroundWindow () returned 0x10080 [0299.326] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0299.326] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0299.326] CoTaskMemFree (pv=0x1c08aa50) [0299.451] GetForegroundWindow () returned 0x100d4 [0299.451] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0299.451] EnumProcesses (in: lpidProcess=0x27c1088, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1088, lpcbNeeded=0x1c36f3e0) returned 1 [0299.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0299.457] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.458] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0299.458] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.458] CoTaskMemFree (pv=0x1c0893a0) [0299.459] GetForegroundWindow () returned 0x10080 [0299.459] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0299.459] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0299.460] CoTaskMemFree (pv=0x1c089df0) [0299.579] GetForegroundWindow () returned 0x10080 [0299.580] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0299.580] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0299.580] CoTaskMemFree (pv=0x1c08a420) [0299.581] GetForegroundWindow () returned 0x10080 [0299.581] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0299.581] EnumProcesses (in: lpidProcess=0x2817148, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2817148, lpcbNeeded=0x1c36f3d0) returned 1 [0299.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0299.585] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.585] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0299.585] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0299.585] CoTaskMemFree (pv=0x1c088f80) [0299.701] GetForegroundWindow () returned 0x10080 [0299.701] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0299.701] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0299.701] CoTaskMemFree (pv=0x1c08a210) [0299.703] GetForegroundWindow () returned 0x100d4 [0299.703] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0299.703] EnumProcesses (in: lpidProcess=0x2833fe0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2833fe0, lpcbNeeded=0x1c36f3d0) returned 1 [0299.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0299.706] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0299.706] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0299.706] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089df0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0299.706] CoTaskMemFree (pv=0x1c089df0) [0299.826] GetForegroundWindow () returned 0x10080 [0299.826] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0299.826] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0299.826] CoTaskMemFree (pv=0x1c0895b0) [0299.828] GetForegroundWindow () returned 0x10080 [0299.828] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0299.828] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0299.828] CoTaskMemFree (pv=0x1c0893a0) [0299.967] GetForegroundWindow () returned 0x10080 [0299.967] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0299.967] EnumProcesses (in: lpidProcess=0x27c1338, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1338, lpcbNeeded=0x1c36f3e0) returned 1 [0299.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0299.969] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0299.969] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0299.969] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0299.969] CoTaskMemFree (pv=0x1c089be0) [0299.970] GetForegroundWindow () returned 0x10080 [0299.970] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0299.970] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0299.970] CoTaskMemFree (pv=0x1c08a630) [0300.092] GetForegroundWindow () returned 0x100d4 [0300.092] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0300.092] EnumProcesses (in: lpidProcess=0x27de998, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27de998, lpcbNeeded=0x1c36f3e0) returned 1 [0300.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0300.094] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.094] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0300.094] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a630, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.094] CoTaskMemFree (pv=0x1c08a630) [0300.095] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x22f92)) returned 1 [0300.096] GetForegroundWindow () returned 0x10080 [0300.096] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0300.096] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0300.096] CoTaskMemFree (pv=0x1c08a420) [0300.217] GetForegroundWindow () returned 0x10080 [0300.217] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.217] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.217] CoTaskMemFree (pv=0x1c08a210) [0300.218] GetForegroundWindow () returned 0x10080 [0300.218] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0300.218] EnumProcesses (in: lpidProcess=0x2834370, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2834370, lpcbNeeded=0x1c36f3d0) returned 1 [0300.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12780ad8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12780ad8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0300.228] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.228] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0300.228] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0300.228] CoTaskMemFree (pv=0x1c0897c0) [0300.357] GetForegroundWindow () returned 0x10080 [0300.357] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0300.357] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0300.358] CoTaskMemFree (pv=0x1c08aa50) [0300.359] GetForegroundWindow () returned 0x100d4 [0300.359] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0300.359] EnumProcesses (in: lpidProcess=0x2851208, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2851208, lpcbNeeded=0x1c36f3d0) returned 1 [0300.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127a0b08, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x127a0b08, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0300.361] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.361] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0300.361] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.361] CoTaskMemFree (pv=0x1c08a420) [0300.482] GetForegroundWindow () returned 0x10080 [0300.483] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0300.483] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0300.483] CoTaskMemFree (pv=0x1c08a210) [0300.484] GetForegroundWindow () returned 0x10080 [0300.484] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0300.484] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0300.485] CoTaskMemFree (pv=0x1c08aa50) [0300.611] GetForegroundWindow () returned 0x10080 [0300.611] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0300.611] EnumProcesses (in: lpidProcess=0x28a72f8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28a72f8, lpcbNeeded=0x1c36f3e0) returned 1 [0300.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0300.619] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.619] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0300.619] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0300.619] CoTaskMemFree (pv=0x1c0897c0) [0300.622] GetForegroundWindow () returned 0x10080 [0300.622] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0300.622] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0300.622] CoTaskMemFree (pv=0x1c089190) [0300.750] GetForegroundWindow () returned 0x100d4 [0300.752] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0300.752] EnumProcesses (in: lpidProcess=0x28c4190, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28c4190, lpcbNeeded=0x1c36f3e0) returned 1 [0300.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0300.753] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0300.753] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0300.753] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0300.753] CoTaskMemFree (pv=0x1c0897c0) [0300.754] GetForegroundWindow () returned 0x10080 [0300.754] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0300.754] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0300.754] CoTaskMemFree (pv=0x1c089be0) [0300.877] GetForegroundWindow () returned 0x10080 [0300.877] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0300.877] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0300.878] CoTaskMemFree (pv=0x1c08a840) [0300.879] GetForegroundWindow () returned 0x10080 [0300.879] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0300.879] EnumProcesses (in: lpidProcess=0x2919aa8, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2919aa8, lpcbNeeded=0x1c36f3d0) returned 1 [0300.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12881078, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0300.881] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0300.882] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0300.882] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0300.882] CoTaskMemFree (pv=0x1c0893a0) [0300.999] GetForegroundWindow () returned 0x10080 [0301.000] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0301.000] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0301.000] CoTaskMemFree (pv=0x1c08a000) [0301.001] GetForegroundWindow () returned 0x100d4 [0301.001] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0301.001] EnumProcesses (in: lpidProcess=0x2936940, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2936940, lpcbNeeded=0x1c36f3d0) returned 1 [0301.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x128a10a8, ResultLength=0x1c36f370*=0xec18) returned 0x0 [0301.002] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0301.003] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0301.003] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.003] CoTaskMemFree (pv=0x1c08ac60) [0301.124] GetForegroundWindow () returned 0x10080 [0301.125] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0301.125] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0301.125] CoTaskMemFree (pv=0x1c08a630) [0301.126] GetForegroundWindow () returned 0x10080 [0301.126] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0301.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0301.126] CoTaskMemFree (pv=0x1c089df0) [0301.210] GetForegroundWindow () returned 0x10080 [0301.210] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0301.210] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0301.210] CoTaskMemFree (pv=0x1c089be0) [0301.211] GetForegroundWindow () returned 0x10080 [0301.211] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0301.211] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0301.212] CoTaskMemFree (pv=0x1c08a000) [0301.327] GetForegroundWindow () returned 0x100d4 [0301.328] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0301.328] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.328] CoTaskMemFree (pv=0x1c08a210) [0301.329] GetForegroundWindow () returned 0x10080 [0301.329] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0301.329] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0301.329] CoTaskMemFree (pv=0x1c0893a0) [0301.468] GetForegroundWindow () returned 0x10080 [0301.468] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0301.468] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0301.469] CoTaskMemFree (pv=0x1c08a630) [0301.469] GetForegroundWindow () returned 0x10080 [0301.470] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0301.470] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0301.470] CoTaskMemFree (pv=0x1c08a210) [0301.594] GetForegroundWindow () returned 0x10080 [0301.594] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0301.594] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0301.594] CoTaskMemFree (pv=0x1c089be0) [0301.595] GetForegroundWindow () returned 0x100d4 [0301.595] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0301.595] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.596] CoTaskMemFree (pv=0x1c088f80) [0301.718] GetForegroundWindow () returned 0x10080 [0301.718] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0301.718] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0301.718] CoTaskMemFree (pv=0x1c08a210) [0301.719] GetForegroundWindow () returned 0x10080 [0301.719] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0301.719] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0301.720] CoTaskMemFree (pv=0x1c08ac60) [0301.844] GetForegroundWindow () returned 0x10080 [0301.844] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0301.844] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0301.844] CoTaskMemFree (pv=0x1c089df0) [0301.846] GetForegroundWindow () returned 0x10080 [0301.846] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0301.846] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0301.846] CoTaskMemFree (pv=0x1c0897c0) [0301.968] GetForegroundWindow () returned 0x100d4 [0301.969] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0301.969] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0301.969] CoTaskMemFree (pv=0x1c08a210) [0301.970] GetForegroundWindow () returned 0x10080 [0301.970] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0301.970] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0301.970] CoTaskMemFree (pv=0x1c0899d0) [0302.097] GetForegroundWindow () returned 0x10080 [0302.097] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0302.097] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0302.098] CoTaskMemFree (pv=0x1c089190) [0302.099] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x25819)) returned 1 [0302.100] GetForegroundWindow () returned 0x10080 [0302.100] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0302.100] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0302.100] CoTaskMemFree (pv=0x1c089be0) [0302.234] GetForegroundWindow () returned 0x10080 [0302.234] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0302.234] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0302.234] CoTaskMemFree (pv=0x1c08a840) [0302.237] GetForegroundWindow () returned 0x100d4 [0302.238] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0302.238] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.238] CoTaskMemFree (pv=0x1c0893a0) [0302.359] GetForegroundWindow () returned 0x10080 [0302.359] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0302.359] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0302.359] CoTaskMemFree (pv=0x1c088f80) [0302.361] GetForegroundWindow () returned 0x10080 [0302.361] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0302.361] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0302.361] CoTaskMemFree (pv=0x1c08a630) [0302.484] GetForegroundWindow () returned 0x10080 [0302.485] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0302.485] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0302.485] CoTaskMemFree (pv=0x1c08a210) [0302.486] GetForegroundWindow () returned 0x10080 [0302.486] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0302.486] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0302.486] CoTaskMemFree (pv=0x1c088f80) [0302.625] GetForegroundWindow () returned 0x100d4 [0302.625] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0302.625] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a210, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.625] CoTaskMemFree (pv=0x1c08a210) [0302.626] GetForegroundWindow () returned 0x10080 [0302.626] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0302.626] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0302.626] CoTaskMemFree (pv=0x1c0893a0) [0302.749] GetForegroundWindow () returned 0x10080 [0302.749] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0302.750] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0302.750] CoTaskMemFree (pv=0x1c08aa50) [0302.751] GetForegroundWindow () returned 0x10080 [0302.751] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0302.751] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0302.751] CoTaskMemFree (pv=0x1c08a840) [0302.875] GetForegroundWindow () returned 0x10080 [0302.875] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0302.875] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0302.875] CoTaskMemFree (pv=0x1c089190) [0302.876] GetForegroundWindow () returned 0x100d4 [0302.876] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0302.876] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="FolderView") returned 10 [0302.876] CoTaskMemFree (pv=0x1c08aa50) [0302.999] GetForegroundWindow () returned 0x10080 [0303.000] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.000] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0303.000] CoTaskMemFree (pv=0x1c0895b0) [0303.001] GetForegroundWindow () returned 0x10080 [0303.001] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0303.001] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0303.001] CoTaskMemFree (pv=0x1c08a630) [0303.125] GetForegroundWindow () returned 0x10080 [0303.125] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0303.125] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0303.125] CoTaskMemFree (pv=0x1c08aa50) [0303.126] GetForegroundWindow () returned 0x10080 [0303.126] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0303.126] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0303.127] CoTaskMemFree (pv=0x1c08a210) [0303.250] GetForegroundWindow () returned 0x100d4 [0303.250] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0303.250] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.250] CoTaskMemFree (pv=0x1c08a000) [0303.251] GetForegroundWindow () returned 0x10080 [0303.251] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0303.251] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0303.252] CoTaskMemFree (pv=0x1c08a840) [0303.374] GetForegroundWindow () returned 0x10080 [0303.374] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0303.375] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0303.375] CoTaskMemFree (pv=0x1c08a420) [0303.376] GetForegroundWindow () returned 0x10080 [0303.376] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0303.376] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0303.376] CoTaskMemFree (pv=0x1c089be0) [0303.499] GetForegroundWindow () returned 0x10080 [0303.500] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0303.500] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0303.500] CoTaskMemFree (pv=0x1c08a630) [0303.502] GetForegroundWindow () returned 0x100d4 [0303.502] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.502] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.502] CoTaskMemFree (pv=0x1c0895b0) [0303.624] GetForegroundWindow () returned 0x10080 [0303.625] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0303.625] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0303.625] CoTaskMemFree (pv=0x1c089df0) [0303.626] GetForegroundWindow () returned 0x10080 [0303.626] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0303.626] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0303.626] CoTaskMemFree (pv=0x1c0899d0) [0303.753] GetForegroundWindow () returned 0x10080 [0303.753] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0303.753] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0303.753] CoTaskMemFree (pv=0x1c0899d0) [0303.755] GetForegroundWindow () returned 0x10080 [0303.755] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0303.755] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0303.755] CoTaskMemFree (pv=0x1c0895b0) [0303.890] GetForegroundWindow () returned 0x100d4 [0303.890] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0303.890] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c088f80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0303.891] CoTaskMemFree (pv=0x1c088f80) [0303.892] GetForegroundWindow () returned 0x10080 [0303.892] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0303.892] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0303.892] CoTaskMemFree (pv=0x1c0899d0) [0304.015] GetForegroundWindow () returned 0x10080 [0304.015] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0304.015] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0304.016] CoTaskMemFree (pv=0x1c08a630) [0304.017] GetForegroundWindow () returned 0x10080 [0304.017] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0304.017] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0304.017] CoTaskMemFree (pv=0x1c089df0) [0304.125] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x25819)) returned 1 [0304.208] GetForegroundWindow () returned 0x10080 [0304.208] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0304.208] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0304.208] CoTaskMemFree (pv=0x1c0897c0) [0304.209] GetForegroundWindow () returned 0x100d4 [0304.209] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0304.209] EnumProcesses (in: lpidProcess=0x29001b0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29001b0, lpcbNeeded=0x1c36f3d0) returned 1 [0304.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xebc8) returned 0x0 [0304.220] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0304.220] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0304.220] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0304.220] CoTaskMemFree (pv=0x1c0895b0) [0304.343] GetForegroundWindow () returned 0x10080 [0304.343] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0304.343] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0304.344] CoTaskMemFree (pv=0x1c0897c0) [0304.345] GetForegroundWindow () returned 0x10080 [0304.345] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0304.345] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0304.345] CoTaskMemFree (pv=0x1c08a210) [0304.468] GetForegroundWindow () returned 0x10080 [0304.468] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0304.469] EnumProcesses (in: lpidProcess=0x2955c98, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2955c98, lpcbNeeded=0x1c36f3e0) returned 1 [0304.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xebc8) returned 0x0 [0304.470] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0304.470] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0304.470] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0304.470] CoTaskMemFree (pv=0x1c08aa50) [0304.471] GetForegroundWindow () returned 0x10080 [0304.472] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0304.472] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0304.472] CoTaskMemFree (pv=0x1c08aa50) [0305.250] GetForegroundWindow () returned 0x100d4 [0305.251] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0305.251] EnumProcesses (in: lpidProcess=0x2972a78, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2972a78, lpcbNeeded=0x1c36f3e0) returned 1 [0305.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c36f380*=0xec18) returned 0x0 [0305.253] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0305.253] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0305.253] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c089be0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0305.253] CoTaskMemFree (pv=0x1c089be0) [0305.255] GetForegroundWindow () returned 0x10080 [0305.255] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0305.255] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0305.255] CoTaskMemFree (pv=0x1c08ac60) [0305.734] GetForegroundWindow () returned 0x10080 [0305.734] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0305.734] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0305.734] CoTaskMemFree (pv=0x1c08aa50) [0305.735] GetForegroundWindow () returned 0x10080 [0305.735] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0305.735] EnumProcesses (in: lpidProcess=0x27dec98, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27dec98, lpcbNeeded=0x1c36f3d0) returned 1 [0305.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129fd950, ResultLength=0x1c36f370*=0xeb28) returned 0x0 [0305.738] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0305.738] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0305.738] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0305.738] CoTaskMemFree (pv=0x1c089df0) [0305.978] GetForegroundWindow () returned 0x10080 [0305.979] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0305.979] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="") returned 0 [0305.979] CoTaskMemFree (pv=0x1c0895b0) [0305.980] GetForegroundWindow () returned 0x100d4 [0305.980] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0305.981] EnumProcesses (in: lpidProcess=0x27fb8e0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27fb8e0, lpcbNeeded=0x1c36f3d0) returned 1 [0305.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xedc0) returned 0x0 [0305.991] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0305.991] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0305.991] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0305.991] CoTaskMemFree (pv=0x1c0897c0) [0306.125] GetLastInputInfo (in: plii=0x1c36f500 | out: plii=0x1c36f500*(cbSize=0x8, dwTime=0x25819)) returned 1 [0306.276] GetForegroundWindow () returned 0x10080 [0306.276] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0306.276] EnumProcesses (in: lpidProcess=0x28518b8, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28518b8, lpcbNeeded=0x1c36f3e0) returned 1 [0306.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xf040) returned 0x0 [0306.287] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0306.287] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0306.287] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0306.287] CoTaskMemFree (pv=0x1c0893a0) [0306.288] GetForegroundWindow () returned 0x10080 [0306.288] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0306.289] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0306.289] CoTaskMemFree (pv=0x1c08a630) [0306.500] GetForegroundWindow () returned 0x10080 [0306.500] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0306.500] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0306.501] CoTaskMemFree (pv=0x1c08a000) [0306.501] GetForegroundWindow () returned 0x10080 [0306.501] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0306.502] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0306.502] CoTaskMemFree (pv=0x1c0899d0) [0306.699] GetForegroundWindow () returned 0x100d4 [0306.699] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0306.700] EnumProcesses (in: lpidProcess=0x27c1ae0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c1ae0, lpcbNeeded=0x1c36f3e0) returned 1 [0306.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xf130) returned 0x0 [0306.701] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0306.701] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0306.701] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0306.702] CoTaskMemFree (pv=0x1c0895b0) [0306.703] GetForegroundWindow () returned 0x10080 [0306.703] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0306.703] EnumProcesses (in: lpidProcess=0x27df580, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27df580, lpcbNeeded=0x1c36f3d0) returned 1 [0306.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xf130) returned 0x0 [0306.706] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0306.706] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0306.706] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0306.706] CoTaskMemFree (pv=0x1c08a420) [0306.947] GetForegroundWindow () returned 0x10080 [0306.947] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0306.947] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0306.947] CoTaskMemFree (pv=0x1c08ac60) [0306.948] GetForegroundWindow () returned 0x10080 [0306.948] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0306.948] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0306.948] CoTaskMemFree (pv=0x1c0899d0) [0307.138] GetForegroundWindow () returned 0x10080 [0307.138] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0307.138] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0307.138] CoTaskMemFree (pv=0x1c088f80) [0307.139] GetForegroundWindow () returned 0x100d4 [0307.140] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0307.140] EnumProcesses (in: lpidProcess=0x281b048, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281b048, lpcbNeeded=0x1c36f3d0) returned 1 [0307.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xf130) returned 0x0 [0307.141] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.141] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0307.142] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.142] CoTaskMemFree (pv=0x1c0895b0) [0307.276] WSASend (in: s=0x410, lpBuffers=0x1c36f260*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c36f258, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c36f258*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0307.278] GetForegroundWindow () returned 0x10080 [0307.278] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0307.278] EnumProcesses (in: lpidProcess=0x2872860, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2872860, lpcbNeeded=0x1c36f3e0) returned 1 [0307.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xf130) returned 0x0 [0307.287] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.287] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0307.287] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0307.288] CoTaskMemFree (pv=0x1c089190) [0307.289] GetForegroundWindow () returned 0x10080 [0307.289] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0307.289] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0307.289] CoTaskMemFree (pv=0x1c08ac60) [0307.427] GetForegroundWindow () returned 0x10080 [0307.427] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0307.427] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0307.427] CoTaskMemFree (pv=0x1c089190) [0307.428] GetForegroundWindow () returned 0x10080 [0307.428] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0307.428] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0307.429] CoTaskMemFree (pv=0x1c089190) [0307.554] GetForegroundWindow () returned 0x100d4 [0307.554] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0307.555] EnumProcesses (in: lpidProcess=0x28ae0f0, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28ae0f0, lpcbNeeded=0x1c36f3e0) returned 1 [0307.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xf418) returned 0x0 [0307.556] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.556] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0307.556] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.557] CoTaskMemFree (pv=0x1c08ac60) [0307.558] GetForegroundWindow () returned 0x10080 [0307.558] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0307.558] EnumProcesses (in: lpidProcess=0x28cb730, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28cb730, lpcbNeeded=0x1c36f3d0) returned 1 [0307.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f370*=0xf418) returned 0x0 [0307.559] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.559] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0307.559] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0307.560] CoTaskMemFree (pv=0x1c0897c0) [0307.720] GetForegroundWindow () returned 0x10080 [0307.720] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0307.720] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0307.721] CoTaskMemFree (pv=0x1c089be0) [0307.722] GetForegroundWindow () returned 0x10080 [0307.722] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0307.722] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0307.722] CoTaskMemFree (pv=0x1c08a840) [0307.856] GetForegroundWindow () returned 0x10080 [0307.857] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0307.857] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="") returned 0 [0307.857] CoTaskMemFree (pv=0x1c0899d0) [0307.859] GetForegroundWindow () returned 0x100d4 [0307.859] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0307.859] EnumProcesses (in: lpidProcess=0x29073b0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x29073b0, lpcbNeeded=0x1c36f3d0) returned 1 [0307.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xf558) returned 0x0 [0307.860] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0307.861] CoTaskMemAlloc (cb=0x204) returned 0x1c0899d0 [0307.861] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0899d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0307.861] CoTaskMemFree (pv=0x1c0899d0) [0307.977] GetForegroundWindow () returned 0x10080 [0307.977] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0307.977] EnumProcesses (in: lpidProcess=0x295fe40, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x295fe40, lpcbNeeded=0x1c36f3e0) returned 1 [0307.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x128c10d8, ResultLength=0x1c36f380*=0xf648) returned 0x0 [0307.978] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0307.979] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0307.979] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0307.979] CoTaskMemFree (pv=0x1c089190) [0307.980] GetForegroundWindow () returned 0x10080 [0307.980] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0307.980] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0307.980] CoTaskMemFree (pv=0x1c08a000) [0308.224] GetForegroundWindow () returned 0x10080 [0308.224] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0308.224] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0308.225] CoTaskMemFree (pv=0x1c08a000) [0308.235] GetForegroundWindow () returned 0x10080 [0308.235] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0308.235] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0308.236] CoTaskMemFree (pv=0x1c08aa50) [0308.429] GetForegroundWindow () returned 0x100d4 [0308.429] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0308.430] EnumProcesses (in: lpidProcess=0x299c760, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x299c760, lpcbNeeded=0x1c36f3e0) returned 1 [0308.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c36f380*=0xf890) returned 0x0 [0308.447] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0308.447] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0308.447] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0308.447] CoTaskMemFree (pv=0x1c0893a0) [0308.448] GetForegroundWindow () returned 0x10080 [0308.448] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0308.448] EnumProcesses (in: lpidProcess=0x27cbd50, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27cbd50, lpcbNeeded=0x1c36f3d0) returned 1 [0308.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x129dd920, ResultLength=0x1c36f370*=0xf890) returned 0x0 [0308.459] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0308.459] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0308.459] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0308.459] CoTaskMemFree (pv=0x1c089df0) [0308.664] GetForegroundWindow () returned 0x10080 [0308.664] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0308.664] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0308.664] CoTaskMemFree (pv=0x1c08aa50) [0308.665] GetForegroundWindow () returned 0x10080 [0308.665] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0308.665] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0308.666] CoTaskMemFree (pv=0x1c089df0) [0308.788] GetForegroundWindow () returned 0x10080 [0308.788] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0308.788] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="") returned 0 [0308.789] CoTaskMemFree (pv=0x1c0897c0) [0308.790] GetForegroundWindow () returned 0x100d4 [0308.790] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0308.790] EnumProcesses (in: lpidProcess=0x2809168, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2809168, lpcbNeeded=0x1c36f3d0) returned 1 [0308.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12a1d980, ResultLength=0x1c36f370*=0xf9d0) returned 0x0 [0308.793] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0308.793] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0308.793] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a000, nMaxCount=256 | out: lpString="FolderView") returned 10 [0308.794] CoTaskMemFree (pv=0x1c08a000) [0309.054] GetForegroundWindow () returned 0x10080 [0309.054] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0309.054] EnumProcesses (in: lpidProcess=0x2863548, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2863548, lpcbNeeded=0x1c36f3e0) returned 1 [0309.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12a7da10, ResultLength=0x1c36f380*=0xfac0) returned 0x0 [0309.057] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.057] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0309.057] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0309.057] CoTaskMemFree (pv=0x1c08a210) [0309.059] GetForegroundWindow () returned 0x10080 [0309.059] CoTaskMemAlloc (cb=0x204) returned 0x1c089be0 [0309.059] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089be0, nMaxCount=256 | out: lpString="") returned 0 [0309.059] CoTaskMemFree (pv=0x1c089be0) [0309.215] GetForegroundWindow () returned 0x10080 [0309.215] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0309.215] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0309.215] CoTaskMemFree (pv=0x1c08a000) [0309.216] GetForegroundWindow () returned 0x10080 [0309.216] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0309.216] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0309.217] CoTaskMemFree (pv=0x1c089190) [0309.342] GetForegroundWindow () returned 0x100d4 [0309.342] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0309.343] EnumProcesses (in: lpidProcess=0x27c2d28, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x27c2d28, lpcbNeeded=0x1c36f3e0) returned 1 [0309.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12700a18, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12700a18, ResultLength=0x1c36f380*=0xfb10) returned 0x0 [0309.344] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.344] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0309.345] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c08a420, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.345] CoTaskMemFree (pv=0x1c08a420) [0309.346] GetForegroundWindow () returned 0x10080 [0309.346] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0309.346] EnumProcesses (in: lpidProcess=0x27e17a0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x27e17a0, lpcbNeeded=0x1c36f3d0) returned 1 [0309.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12720a48, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12720a48, ResultLength=0x1c36f370*=0xfb10) returned 0x0 [0309.347] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.347] CoTaskMemAlloc (cb=0x204) returned 0x1c088f80 [0309.347] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c088f80, nMaxCount=256 | out: lpString="") returned 0 [0309.347] CoTaskMemFree (pv=0x1c088f80) [0309.476] GetForegroundWindow () returned 0x10080 [0309.476] CoTaskMemAlloc (cb=0x204) returned 0x1c08a630 [0309.476] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a630, nMaxCount=256 | out: lpString="") returned 0 [0309.476] CoTaskMemFree (pv=0x1c08a630) [0309.477] GetForegroundWindow () returned 0x10080 [0309.477] CoTaskMemAlloc (cb=0x204) returned 0x1c089df0 [0309.477] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089df0, nMaxCount=256 | out: lpString="") returned 0 [0309.478] CoTaskMemFree (pv=0x1c089df0) [0309.601] GetForegroundWindow () returned 0x10080 [0309.601] CoTaskMemAlloc (cb=0x204) returned 0x1c089190 [0309.601] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c089190, nMaxCount=256 | out: lpString="") returned 0 [0309.601] CoTaskMemFree (pv=0x1c089190) [0309.603] GetForegroundWindow () returned 0x100d4 [0309.603] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0309.603] EnumProcesses (in: lpidProcess=0x281edd0, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x281edd0, lpcbNeeded=0x1c36f3d0) returned 1 [0309.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12760aa8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12760aa8, ResultLength=0x1c36f370*=0xfbb0) returned 0x0 [0309.605] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.605] CoTaskMemAlloc (cb=0x204) returned 0x1c0897c0 [0309.605] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0897c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.605] CoTaskMemFree (pv=0x1c0897c0) [0309.726] GetForegroundWindow () returned 0x10080 [0309.726] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x67c [0309.726] EnumProcesses (in: lpidProcess=0x2879990, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x2879990, lpcbNeeded=0x1c36f3e0) returned 1 [0309.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127c0b38, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x127c0b38, ResultLength=0x1c36f380*=0xfbb0) returned 0x0 [0309.728] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.728] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0309.728] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0309.728] CoTaskMemFree (pv=0x1c08a840) [0309.729] GetForegroundWindow () returned 0x10080 [0309.729] CoTaskMemAlloc (cb=0x204) returned 0x1c08ac60 [0309.729] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08ac60, nMaxCount=256 | out: lpString="") returned 0 [0309.730] CoTaskMemFree (pv=0x1c08ac60) [0309.851] GetForegroundWindow () returned 0x10080 [0309.851] CoTaskMemAlloc (cb=0x204) returned 0x1c08a840 [0309.851] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a840, nMaxCount=256 | out: lpString="") returned 0 [0309.852] CoTaskMemFree (pv=0x1c08a840) [0309.853] GetForegroundWindow () returned 0x10080 [0309.853] CoTaskMemAlloc (cb=0x204) returned 0x1c08a420 [0309.853] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a420, nMaxCount=256 | out: lpString="") returned 0 [0309.853] CoTaskMemFree (pv=0x1c08a420) [0309.976] GetForegroundWindow () returned 0x100d4 [0309.976] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4c0 | out: lpdwProcessId=0x1c36f4c0) returned 0x650 [0309.976] EnumProcesses (in: lpidProcess=0x28b7180, cb=0x400, lpcbNeeded=0x1c36f3e0 | out: lpidProcess=0x28b7180, lpcbNeeded=0x1c36f3e0) returned 1 [0309.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c36f380 | out: SystemInformation=0x12800fb8, ResultLength=0x1c36f380*=0xfbb0) returned 0x0 [0309.978] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0309.978] CoTaskMemAlloc (cb=0x204) returned 0x1c0895b0 [0309.978] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0895b0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0309.978] CoTaskMemFree (pv=0x1c0895b0) [0309.979] GetForegroundWindow () returned 0x10080 [0309.979] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x67c [0309.980] EnumProcesses (in: lpidProcess=0x28d5570, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x28d5570, lpcbNeeded=0x1c36f3d0) returned 1 [0309.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12820fe8, ResultLength=0x1c36f370*=0xfbb0) returned 0x0 [0309.981] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0309.981] CoTaskMemAlloc (cb=0x204) returned 0x1c08a210 [0309.981] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a210, nMaxCount=256 | out: lpString="") returned 0 [0309.981] CoTaskMemFree (pv=0x1c08a210) [0310.101] GetForegroundWindow () returned 0x10080 [0310.101] CoTaskMemAlloc (cb=0x204) returned 0x1c08aa50 [0310.101] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08aa50, nMaxCount=256 | out: lpString="") returned 0 [0310.101] CoTaskMemFree (pv=0x1c08aa50) [0310.102] GetForegroundWindow () returned 0x10080 [0310.103] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0310.103] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="") returned 0 [0310.103] CoTaskMemFree (pv=0x1c0893a0) [0310.235] GetForegroundWindow () returned 0x10080 [0310.235] CoTaskMemAlloc (cb=0x204) returned 0x1c08a000 [0310.235] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c08a000, nMaxCount=256 | out: lpString="") returned 0 [0310.235] CoTaskMemFree (pv=0x1c08a000) [0310.236] GetForegroundWindow () returned 0x100d4 [0310.236] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c36f4b0 | out: lpdwProcessId=0x1c36f4b0) returned 0x650 [0310.236] EnumProcesses (in: lpidProcess=0x2912d98, cb=0x400, lpcbNeeded=0x1c36f3d0 | out: lpidProcess=0x2912d98, lpcbNeeded=0x1c36f3d0) returned 1 [0310.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c36f370 | out: SystemInformation=0x12861048, ResultLength=0x1c36f370*=0xfbb0) returned 0x0 [0310.238] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0310.239] CoTaskMemAlloc (cb=0x204) returned 0x1c0893a0 [0310.239] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c0893a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0310.239] CoTaskMemFree (pv=0x1c0893a0) Thread: id = 20 os_tid = 0xa7c [0230.311] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0230.317] setsockopt (s=0x410, level=65535, optname=28688, optval=0x0, optlen=0) returned 0 [0230.645] getpeername (in: s=0x410, name=0x2897be0, namelen=0x1c46f238 | out: name=0x2897be0*(sa_family=2, sin_port=0x9828, sin_addr="107.150.23.184"), namelen=0x1c46f238) returned 0 [0230.807] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.807] GetComputerNameW (in: lpBuffer=0x1aeb8530, nSize=0x1c46f1b8 | out: lpBuffer="XC64ZB", nSize=0x1c46f1b8) returned 1 [0230.807] CoTaskMemFree (pv=0x1aeb8530) [0230.808] CoTaskMemAlloc (cb=0x204) returned 0x1aeb8530 [0230.808] GetUserNameW (in: lpBuffer=0x1aeb8530, pcbBuffer=0x1c46f1b8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x1c46f1b8) returned 1 [0230.808] CoTaskMemFree (pv=0x1aeb8530) [0231.328] WSASend (in: s=0x410, lpBuffers=0x1c46ef70*=((len=0x4c, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ef68, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ef68*=0x4c, lpOverlapped=0x27ce1c8) returned 0 [0231.351] WSARecv (in: s=0x410, lpBuffers=0x1c46f1b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f1ac, lpFlags=0x1c46f1a8*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f1b0*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f1ac*=0x0, lpFlags=0x1c46f1a8*=0x0, lpOverlapped=0x27ce150) returned 0 [0231.802] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0231.803] WSASend (in: s=0x410, lpBuffers=0x1c46f1b0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46f1a8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46f1a8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0232.302] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x1c46e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56 [0232.302] SetErrorMode (uMode=0x1) returned 0x0 [0232.303] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0232.307] GetFileType (hFile=0x428) returned 0x1 [0232.307] SetErrorMode (uMode=0x0) returned 0x1 [0232.307] GetFileType (hFile=0x428) returned 0x1 [0232.312] WriteFile (in: hFile=0x428, lpBuffer=0x28205e8*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x1c46ec88, lpOverlapped=0x0 | out: lpBuffer=0x28205e8*, lpNumberOfBytesWritten=0x1c46ec88*=0xa0, lpOverlapped=0x0) returned 1 [0232.314] CloseHandle (hObject=0x428) returned 1 [0232.315] WSASend (in: s=0x410, lpBuffers=0x1c46edf0*=((len=0xc, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ede8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ede8*=0xc, lpOverlapped=0x27ce1c8) returned 0 [0232.316] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0233.001] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1c46e820, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0233.139] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1c46e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0233.169] CoTaskMemAlloc (cb=0x2e) returned 0x1ae8d6f0 [0233.169] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x1c46ef08 | out: phkResult=0x1c46ef08*=0x428) returned 0x0 [0233.169] CoTaskMemFree (pv=0x1ae8d6f0) [0233.170] CoTaskMemAlloc (cb=0xd) returned 0x1ae72fb0 [0233.170] RegQueryValueExA (in: hKey=0x428, lpValueName="ProductName", lpReserved=0x0, lpType=0x1c46eecc, lpData=0x0, lpcbData=0x1c46eec8*=0x0 | out: lpType=0x1c46eecc*=0x1, lpData=0x0, lpcbData=0x1c46eec8*=0xf) returned 0x0 [0233.170] CoTaskMemFree (pv=0x1ae72fb0) [0233.170] CoTaskMemFree (pv=0x0) [0233.170] CoTaskMemAlloc (cb=0xd) returned 0x1ae732b0 [0233.170] CoTaskMemAlloc (cb=0x13) returned 0x1ae73210 [0233.170] RegQueryValueExA (in: hKey=0x428, lpValueName="ProductName", lpReserved=0x0, lpType=0x1c46eecc, lpData=0x1ae73210, lpcbData=0x1c46eec8*=0xf | out: lpType=0x1c46eecc*=0x1, lpData="Windows 10 Pro", lpcbData=0x1c46eec8*=0xf) returned 0x0 [0233.170] CoTaskMemFree (pv=0x1ae732b0) [0233.170] CoTaskMemFree (pv=0x1ae73210) [0233.171] RegCloseKey (hKey=0x428) returned 0x0 [0233.172] GetFullPathNameW (in: lpFileName="C:\\Program Files\\AGP Service\\agpsvc.exe", nBufferLength=0x105, lpBuffer=0x1c46e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\AGP Service\\agpsvc.exe", lpFilePart=0x0) returned 0x27 [0233.178] WSASend (in: s=0x410, lpBuffers=0x1c46ed30*=((len=0x54, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed28, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed28*=0x54, lpOverlapped=0x27ce1c8) returned 0 [0233.178] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x54, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0233.271] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0233.272] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0233.274] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0233.288] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0233.327] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0233.339] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0233.505] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x1c46ed40 | out: lpdwProcessId=0x1c46ed40) returned 0x860 [0233.506] GetCurrentThreadId () returned 0xa7c [0233.507] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x1c46ec40 | out: lpdwProcessId=0x1c46ec40) returned 0x860 [0233.507] GetCurrentThreadId () returned 0xa7c [0233.507] PostMessageW (hWnd=0x5013e, Msg=0xc153, wParam=0x0, lParam=0x0) returned 1 [0233.517] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x24, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0233.517] WSASend (in: s=0x410, lpBuffers=0x1c46f1b0*=((len=0x24, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46f1a8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46f1a8*=0x24, lpOverlapped=0x27ce1c8) returned 0 [0233.518] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0233.518] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0233.518] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0233.518] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0233.519] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0233.519] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0233.520] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0233.520] WSASend (in: s=0x410, lpBuffers=0x1c46f1b0*=((len=0x24, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46f1a8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46f1a8*=0x24, lpOverlapped=0x27ce1c8) returned 0 [0233.521] WSASend (in: s=0x410, lpBuffers=0x1c46f1b0*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46f1a8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46f1a8*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0233.941] WSASend (in: s=0x410, lpBuffers=0x1c46eb90*=((len=0x24, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46eb88, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46eb88*=0x24, lpOverlapped=0x27ce1c8) returned 0 [0233.942] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x1c46ec90 | out: lpdwProcessId=0x1c46ec90) returned 0x860 [0233.942] GetCurrentThreadId () returned 0xa7c [0233.942] GetWindowThreadProcessId (in: hWnd=0x5013e, lpdwProcessId=0x1c46eb90 | out: lpdwProcessId=0x1c46eb90) returned 0x860 [0233.942] GetCurrentThreadId () returned 0xa7c [0233.942] PostMessageW (hWnd=0x5013e, Msg=0xc153, wParam=0x0, lParam=0x0) returned 1 [0233.944] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x24, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0233.952] WSASend (in: s=0x410, lpBuffers=0x1c46ebc0*=((len=0x24, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ebb8, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ebb8*=0x24, lpOverlapped=0x27ce1c8) returned 0 [0233.952] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0235.256] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0240.273] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0241.608] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0241.608] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0241.608] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0241.608] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0241.608] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0241.608] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0241.609] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0241.610] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0245.281] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0249.766] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0249.766] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0249.766] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0249.766] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0249.766] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0249.767] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0249.768] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0249.769] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0250.365] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0255.532] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0257.919] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0257.919] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0257.919] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0257.919] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0257.920] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0257.920] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0257.921] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x44, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x44, lpOverlapped=0x27ce1c8) returned 0 [0257.921] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0260.339] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0265.370] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0266.076] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0266.076] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0266.076] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0266.076] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0266.076] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0266.076] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0266.077] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0266.077] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0270.388] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0274.218] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0274.218] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0274.218] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0274.218] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0274.218] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0274.218] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0274.219] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0274.220] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0275.415] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0280.437] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0282.345] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0282.345] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0282.345] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0282.345] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0282.345] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0282.345] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0282.346] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x44, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x44, lpOverlapped=0x27ce1c8) returned 0 [0282.347] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0285.490] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0290.468] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0290.803] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0290.803] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0290.803] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0290.803] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0290.804] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0290.804] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0290.805] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0290.806] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0295.497] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0298.670] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0298.670] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0298.670] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0298.670] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0298.670] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0298.670] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0298.671] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0298.672] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0300.496] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0305.644] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00*)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0 [0306.839] GetSystemTimes (in: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90 | out: lpIdleTime=0x1c46eda0, lpKernelTime=0x1c46ed98, lpUserTime=0x1c46ed90) returned 1 [0306.839] VarDecMul (in: pdecLeft=0x1c46ef40, pdecRight=0x1c46ef30, pdecResult=0x1c46efe0 | out: pdecResult=0x1c46efe0) returned 0x0 [0306.839] VarDecCmp (pdecLeft=0x1c46ee20, pdecRight=0x1c46ee10) returned 0x2 [0306.839] VarR4FromDec (in: pdecIn=0x1c46eeb0, pfltOut=0x1c46ee40 | out: pfltOut=0x1c46ee40) returned 0x0 [0306.839] GetSystemTimes (in: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30 | out: lpIdleTime=0x1c46ef40, lpKernelTime=0x1c46ef38, lpUserTime=0x1c46ef30) returned 1 [0306.840] GlobalMemoryStatusEx (in: lpBuffer=0x1c46eef0 | out: lpBuffer=0x1c46eef0) returned 1 [0306.841] WSASend (in: s=0x410, lpBuffers=0x1c46ed40*=((len=0x34, buf=0x126f09ff*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x1c46ed38, dwFlags=0x0, lpOverlapped=0x27ce1c8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x1c46ed38*=0x34, lpOverlapped=0x27ce1c8) returned 0 [0306.842] WSARecv (in: s=0x410, lpBuffers=0x1c46f240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x1c46f23c, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150, lpCompletionRoutine=0x0 | out: lpBuffers=0x1c46f240*=((len=0xffff, buf=0x126e0a00)), lpNumberOfBytesRecvd=0x1c46f23c*=0x0, lpFlags=0x1c46f238*=0x0, lpOverlapped=0x27ce150) returned 0xffffffff Thread: id = 21 os_tid = 0xa84 Thread: id = 22 os_tid = 0xaa8 Thread: id = 23 os_tid = 0x94c Thread: id = 78 os_tid = 0xae8 [0238.393] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0238.399] GetForegroundWindow () returned 0x10080 [0238.399] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0238.399] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0238.400] CoTaskMemFree (pv=0x1c07b960) [0238.400] GetForegroundWindow () returned 0x10080 [0238.400] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0238.400] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0238.400] CoTaskMemFree (pv=0x1c07b960) [0238.401] GetForegroundWindow () returned 0x10080 [0238.401] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0238.401] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0238.401] CoTaskMemFree (pv=0x1c07c7d0) [0238.401] GetForegroundWindow () returned 0x10080 [0238.401] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0238.401] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0238.401] CoTaskMemFree (pv=0x1c07b540) [0238.402] GetForegroundWindow () returned 0x100d4 [0238.402] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0238.402] EnumProcesses (in: lpidProcess=0x283bcf8, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x283bcf8, lpcbNeeded=0x1c94f2e0) returned 1 [0238.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12a1d980, ResultLength=0x1c94f280*=0xf9b8) returned 0x0 [0238.415] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0238.416] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0238.416] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0238.416] CoTaskMemFree (pv=0x1c07c7d0) [0238.417] CoGetObjectContext (in: riid=0x1c94e8a8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c94e8a0 | out: ppv=0x1c94e8a0*=0x5e6f98) returned 0x0 [0238.418] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1c94e8c0 | out: pAptType=0x1c94e8c0*=1) returned 0x0 [0238.418] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c94e9c8 | out: ppvObject=0x1c94e9c8*=0x0) returned 0x80004002 [0238.418] IUnknown:Release (This=0x5e6f98) returned 0x1 [0238.427] CoGetClassObject (in: rclsid=0x1ae8d278*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c94df20 | out: ppv=0x1c94df20*=0x1ae738b0) returned 0x0 [0238.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae738b0, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94dc30 | out: ppvObject=0x1c94dc30*=0x0) returned 0x80004002 [0238.428] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1ae738b0, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dc18 | out: ppvObject=0x1c94dc18*=0x1ae729f0) returned 0x0 [0238.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94db20 | out: ppvObject=0x1c94db20*=0x1ae729f0) returned 0x0 [0238.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94dba0 | out: ppvObject=0x1c94dba0*=0x0) returned 0x80004002 [0238.429] WbemDefPath:IUnknown:AddRef (This=0x1ae729f0) returned 0x3 [0238.429] CoGetContextToken (in: pToken=0x1c94d7f0 | out: pToken=0x1c94d7f0) returned 0x0 [0238.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94d7b0 | out: ppvObject=0x1c94d7b0*=0x1ae73d50) returned 0x0 [0238.429] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1ae73d50, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c94d7e0 | out: pCid=0x1c94d7e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.429] WbemDefPath:IUnknown:Release (This=0x1ae73d50) returned 0x3 [0238.430] CoGetContextToken (in: pToken=0x1c94d7c0 | out: pToken=0x1c94d7c0) returned 0x0 [0238.430] WbemDefPath:IUnknown:AddRef (This=0x1ae729f0) returned 0x4 [0238.430] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94d8d8 | out: ppvObject=0x1c94d8d8*=0x0) returned 0x80004002 [0238.430] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x3 [0238.430] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x2 [0238.431] WbemDefPath:IUnknown:Release (This=0x1ae738b0) returned 0x0 [0238.431] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x1 [0238.431] CoGetContextToken (in: pToken=0x1c94e4f0 | out: pToken=0x1c94e4f0) returned 0x0 [0238.431] CoGetContextToken (in: pToken=0x1c94e430 | out: pToken=0x1c94e430) returned 0x0 [0238.431] WbemDefPath:IUnknown:AddRef (This=0x1ae729f0) returned 0x2 [0238.431] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x1c94e570*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c94e550 | out: ppvObject=0x1c94e550*=0x1ae729f0) returned 0x0 [0238.431] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x2 [0238.432] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x1 [0238.432] CoGetContextToken (in: pToken=0x1c94e670 | out: pToken=0x1c94e670) returned 0x0 [0238.432] CoGetContextToken (in: pToken=0x1c94e5b0 | out: pToken=0x1c94e5b0) returned 0x0 [0238.432] WbemDefPath:IUnknown:AddRef (This=0x1ae729f0) returned 0x2 [0238.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x1ae729f0, riid=0x1c94e6f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c94e6d0 | out: ppvObject=0x1c94e6d0*=0x1ae729f0) returned 0x0 [0238.432] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x2 [0238.432] WbemDefPath:IUnknown:AddRef (This=0x1ae729f0) returned 0x3 [0238.433] WbemDefPath:IWbemPath:SetText (This=0x1ae729f0, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0238.433] WbemDefPath:IUnknown:Release (This=0x1ae729f0) returned 0x2 [0238.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e970 | out: puCount=0x1c94e970*=0x2) returned 0x0 [0238.503] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e970*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e970*=0x19, pszText=0x0) returned 0x0 [0238.503] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e970*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e970*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0238.504] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e970 | out: puCount=0x1c94e970*=0x2) returned 0x0 [0238.504] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e970*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e970*=0x19, pszText=0x0) returned 0x0 [0238.504] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e970*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e970*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0238.509] CoGetObjectContext (in: riid=0x1c94e8b8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c94e8b0 | out: ppv=0x1c94e8b0*=0x5e6f98) returned 0x0 [0238.509] IComThreadingInfo:GetCurrentApartmentType (in: This=0x5e6f98, pAptType=0x1c94e8d0 | out: pAptType=0x1c94e8d0*=1) returned 0x0 [0238.509] IUnknown:QueryInterface (in: This=0x5e6f98, riid=0x28353a0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c94e9d8 | out: ppvObject=0x1c94e9d8*=0x0) returned 0x80004002 [0238.509] IUnknown:Release (This=0x5e6f98) returned 0x1 [0238.510] CoGetClassObject (in: rclsid=0x1af42af8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7ffb7330d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c94e550 | out: ppv=0x1c94e550*=0x1aeb7ef0) returned 0x0 [0238.510] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7ef0, riid=0x7ffb7330d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94e260 | out: ppvObject=0x1c94e260*=0x0) returned 0x80004002 [0238.510] WbemLocator:IClassFactory:CreateInstance (in: This=0x1aeb7ef0, pUnkOuter=0x0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e248 | out: ppvObject=0x1c94e248*=0x1aeb7fb0) returned 0x0 [0238.510] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7fb0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e150 | out: ppvObject=0x1c94e150*=0x1aeb7fb0) returned 0x0 [0238.511] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7fb0, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94e1d0 | out: ppvObject=0x1c94e1d0*=0x0) returned 0x80004002 [0238.511] WbemLocator:IUnknown:AddRef (This=0x1aeb7fb0) returned 0x3 [0238.511] CoGetContextToken (in: pToken=0x1c94de20 | out: pToken=0x1c94de20) returned 0x0 [0238.512] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7fb0, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dde0 | out: ppvObject=0x1c94dde0*=0x0) returned 0x80004002 [0238.512] CoGetContextToken (in: pToken=0x1c94ddf0 | out: pToken=0x1c94ddf0) returned 0x0 [0238.512] WbemLocator:IUnknown:AddRef (This=0x1aeb7fb0) returned 0x4 [0238.512] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7fb0, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94df08 | out: ppvObject=0x1c94df08*=0x0) returned 0x80004002 [0238.512] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x3 [0238.512] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x2 [0238.512] WbemLocator:IUnknown:Release (This=0x1aeb7ef0) returned 0x0 [0238.513] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x1 [0238.513] CoGetContextToken (in: pToken=0x1c94e410 | out: pToken=0x1c94e410) returned 0x0 [0238.513] CoGetContextToken (in: pToken=0x1c94e350 | out: pToken=0x1c94e350) returned 0x0 [0238.513] WbemLocator:IUnknown:AddRef (This=0x1aeb7fb0) returned 0x2 [0238.513] WbemLocator:IUnknown:QueryInterface (in: This=0x1aeb7fb0, riid=0x1c94e490*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c94e470 | out: ppvObject=0x1c94e470*=0x1aeb7fb0) returned 0x0 [0238.513] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x2 [0238.513] WbemLocator:IUnknown:Release (This=0x1aeb7fb0) returned 0x1 [0238.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e870 | out: puCount=0x1c94e870*=0x2) returned 0x0 [0238.516] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=8, puBuffLength=0x1c94e870*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e870*=0x19, pszText=0x0) returned 0x0 [0238.516] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=8, puBuffLength=0x1c94e870*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e870*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0238.518] CoCreateInstance (in: rclsid=0x7ffb853a15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ffb853a14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c94e4e0 | out: ppv=0x1c94e4e0*=0x1aeb7ef0) returned 0x0 [0238.518] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1aeb7ef0, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c94e770 | out: ppNamespace=0x1c94e770*=0x1c0854e0) returned 0x0 [0238.695] WbemLocator:IUnknown:QueryInterface (in: This=0x1c0854e0, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e358 | out: ppvObject=0x1c94e358*=0x1ae92ad0) returned 0x0 [0238.695] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1ae92ad0, pProxy=0x1c0854e0, pAuthnSvc=0x1c94e350, pAuthzSvc=0x1c94e34c, pServerPrincName=0x1c94e378, pAuthnLevel=0x1c94e348, pImpLevel=0x1c94e364, pAuthInfo=0x1c94e388, pCapabilites=0x1c94e360 | out: pAuthnSvc=0x1c94e350*=0xa, pAuthzSvc=0x1c94e34c*=0x0, pServerPrincName=0x1c94e378, pAuthnLevel=0x1c94e348*=0x6, pImpLevel=0x1c94e364*=0x2, pAuthInfo=0x1c94e388, pCapabilites=0x1c94e360*=0x1) returned 0x0 [0238.695] WbemLocator:IUnknown:Release (This=0x1ae92ad0) returned 0x1 [0238.695] WbemLocator:IUnknown:QueryInterface (in: This=0x1c0854e0, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e2f8 | out: ppvObject=0x1c94e2f8*=0x1ae92b18) returned 0x0 [0238.695] WbemLocator:IUnknown:QueryInterface (in: This=0x1c0854e0, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e288 | out: ppvObject=0x1c94e288*=0x1ae92ad0) returned 0x0 [0238.696] WbemLocator:IClientSecurity:SetBlanket (This=0x1ae92ad0, pProxy=0x1c0854e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.696] WbemLocator:IUnknown:Release (This=0x1ae92ad0) returned 0x2 [0238.696] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x1 [0238.696] CoTaskMemFree (pv=0x1af514b0) [0238.696] WbemLocator:IUnknown:Release (This=0x1aeb7ef0) returned 0x0 [0238.696] WbemLocator:IUnknown:QueryInterface (in: This=0x1c0854e0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94df70 | out: ppvObject=0x1c94df70*=0x1ae92b18) returned 0x0 [0238.696] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94dff0 | out: ppvObject=0x1c94dff0*=0x0) returned 0x80004002 [0238.715] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94dd88 | out: ppvObject=0x1c94dd88*=0x0) returned 0x80004002 [0238.719] WbemLocator:IUnknown:AddRef (This=0x1ae92b18) returned 0x3 [0238.719] CoGetContextToken (in: pToken=0x1c94dc40 | out: pToken=0x1c94dc40) returned 0x0 [0238.719] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dc00 | out: ppvObject=0x1c94dc00*=0x1ae929f8) returned 0x0 [0238.719] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1ae929f8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c94dc30 | out: pCid=0x1c94dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.719] WbemLocator:IUnknown:Release (This=0x1ae929f8) returned 0x3 [0238.720] CoGetContextToken (in: pToken=0x1c94dc10 | out: pToken=0x1c94dc10) returned 0x0 [0238.720] WbemLocator:IUnknown:AddRef (This=0x1ae92b18) returned 0x4 [0238.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dd28 | out: ppvObject=0x1c94dd28*=0x1ae92ae0) returned 0x0 [0238.720] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x4 [0238.720] WbemLocator:IRpcOptions:Query (in: This=0x1ae92ae0, pPrx=0x1ae92b18, dwProperty=2, pdwValue=0x1c94dd98 | out: pdwValue=0x1c94dd98) returned 0x80004002 [0238.720] WbemLocator:IUnknown:Release (This=0x1ae92ae0) returned 0x3 [0238.720] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x2 [0238.720] CoGetContextToken (in: pToken=0x1c94e110 | out: pToken=0x1c94e110) returned 0x0 [0238.720] CoGetContextToken (in: pToken=0x1c94e050 | out: pToken=0x1c94e050) returned 0x0 [0238.720] WbemLocator:IUnknown:AddRef (This=0x1ae92b18) returned 0x3 [0238.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x1c94e190*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c94e170 | out: ppvObject=0x1c94e170*=0x1c0854e0) returned 0x0 [0238.721] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x3 [0238.721] WbemLocator:IUnknown:Release (This=0x1c0854e0) returned 0x2 [0238.721] WbemLocator:IUnknown:Release (This=0x1c0854e0) returned 0x1 [0238.721] SysStringLen (param_1=0x0) returned 0x0 [0238.722] CoGetContextToken (in: pToken=0x1c94e790 | out: pToken=0x1c94e790) returned 0x0 [0238.722] WbemLocator:IUnknown:AddRef (This=0x1ae92b18) returned 0x2 [0238.722] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e360 | out: ppvObject=0x1c94e360*=0x1ae92b18) returned 0x0 [0238.723] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x2 [0238.723] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x1 [0238.723] CoGetContextToken (in: pToken=0x1c94e3b0 | out: pToken=0x1c94e3b0) returned 0x0 [0238.723] CoGetContextToken (in: pToken=0x1c94e2f0 | out: pToken=0x1c94e2f0) returned 0x0 [0238.723] WbemLocator:IUnknown:AddRef (This=0x1ae92b18) returned 0x2 [0238.723] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92b18, riid=0x1c94e430*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c94e410 | out: ppvObject=0x1c94e410*=0x1c0854e0) returned 0x0 [0238.723] WbemLocator:IUnknown:Release (This=0x1ae92b18) returned 0x2 [0238.724] WbemLocator:IUnknown:AddRef (This=0x1c0854e0) returned 0x3 [0238.724] IWbemServices:ExecQuery (in: This=0x1c0854e0, strQueryLanguage="WQL", strQuery="SELECT DisplayName FROM AntiSpywareProduct", lFlags=16, pCtx=0x0, ppEnum=0x1c94e8a8 | out: ppEnum=0x1c94e8a8*=0x5f9210) returned 0x0 [0238.732] IUnknown:QueryInterface (in: This=0x5f9210, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e4b8 | out: ppvObject=0x1c94e4b8*=0x5f9218) returned 0x0 [0238.732] IClientSecurity:QueryBlanket (in: This=0x5f9218, pProxy=0x5f9210, pAuthnSvc=0x1c94e4b0, pAuthzSvc=0x1c94e4ac, pServerPrincName=0x1c94e4d8, pAuthnLevel=0x1c94e4a8, pImpLevel=0x1c94e4c4, pAuthInfo=0x1c94e4e8, pCapabilites=0x1c94e4c0 | out: pAuthnSvc=0x1c94e4b0*=0xa, pAuthzSvc=0x1c94e4ac*=0x0, pServerPrincName=0x1c94e4d8, pAuthnLevel=0x1c94e4a8*=0x6, pImpLevel=0x1c94e4c4*=0x2, pAuthInfo=0x1c94e4e8, pCapabilites=0x1c94e4c0*=0x1) returned 0x0 [0238.733] IUnknown:Release (This=0x5f9218) returned 0x1 [0238.733] IUnknown:QueryInterface (in: This=0x5f9210, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e458 | out: ppvObject=0x1c94e458*=0x1ae92978) returned 0x0 [0238.733] IUnknown:QueryInterface (in: This=0x5f9210, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e3e8 | out: ppvObject=0x1c94e3e8*=0x5f9218) returned 0x0 [0238.733] IClientSecurity:SetBlanket (This=0x5f9218, pProxy=0x5f9210, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.794] IUnknown:Release (This=0x5f9218) returned 0x2 [0238.794] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x1 [0238.794] CoTaskMemFree (pv=0x1af514b0) [0238.795] IUnknown:QueryInterface (in: This=0x5f9210, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e090 | out: ppvObject=0x1c94e090*=0x1ae92978) returned 0x0 [0238.795] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94e110 | out: ppvObject=0x1c94e110*=0x0) returned 0x80004002 [0238.796] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94dea8 | out: ppvObject=0x1c94dea8*=0x0) returned 0x80004002 [0238.797] WbemLocator:IUnknown:AddRef (This=0x1ae92978) returned 0x3 [0238.797] CoGetContextToken (in: pToken=0x1c94dd60 | out: pToken=0x1c94dd60) returned 0x0 [0238.797] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dd20 | out: ppvObject=0x1c94dd20*=0x1ae92858) returned 0x0 [0238.797] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1ae92858, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c94dd50 | out: pCid=0x1c94dd50*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.797] WbemLocator:IUnknown:Release (This=0x1ae92858) returned 0x3 [0238.798] CoGetContextToken (in: pToken=0x1c94dd30 | out: pToken=0x1c94dd30) returned 0x0 [0238.798] WbemLocator:IUnknown:AddRef (This=0x1ae92978) returned 0x4 [0238.798] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94de48 | out: ppvObject=0x1c94de48*=0x1ae92940) returned 0x0 [0238.798] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x4 [0238.798] WbemLocator:IRpcOptions:Query (in: This=0x1ae92940, pPrx=0x1ae92978, dwProperty=2, pdwValue=0x1c94deb8 | out: pdwValue=0x1c94deb8) returned 0x80004002 [0238.798] WbemLocator:IUnknown:Release (This=0x1ae92940) returned 0x3 [0238.798] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x2 [0238.799] CoGetContextToken (in: pToken=0x1c94e230 | out: pToken=0x1c94e230) returned 0x0 [0238.799] CoGetContextToken (in: pToken=0x1c94e170 | out: pToken=0x1c94e170) returned 0x0 [0238.799] WbemLocator:IUnknown:AddRef (This=0x1ae92978) returned 0x3 [0238.799] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x1c94e2b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c94e290 | out: ppvObject=0x1c94e290*=0x5f9210) returned 0x0 [0238.799] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x3 [0238.799] IUnknown:Release (This=0x5f9210) returned 0x2 [0238.799] IUnknown:Release (This=0x5f9210) returned 0x1 [0238.799] WbemLocator:IUnknown:Release (This=0x1c0854e0) returned 0x2 [0238.800] SysStringLen (param_1=0x0) returned 0x0 [0238.837] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e8d0 | out: puCount=0x1c94e8d0*=0x2) returned 0x0 [0238.837] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e8d0*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e8d0*=0x19, pszText=0x0) returned 0x0 [0238.837] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e8d0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e8d0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0238.837] CoGetContextToken (in: pToken=0x1c94e450 | out: pToken=0x1c94e450) returned 0x0 [0238.837] CoGetContextToken (in: pToken=0x1c94e390 | out: pToken=0x1c94e390) returned 0x0 [0238.838] WbemLocator:IUnknown:AddRef (This=0x1ae92978) returned 0x2 [0238.838] WbemLocator:IUnknown:QueryInterface (in: This=0x1ae92978, riid=0x1c94e4d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c94e4b0 | out: ppvObject=0x1c94e4b0*=0x5f9210) returned 0x0 [0238.838] WbemLocator:IUnknown:Release (This=0x1ae92978) returned 0x2 [0238.838] IUnknown:AddRef (This=0x5f9210) returned 0x3 [0238.838] IEnumWbemClassObject:Clone (in: This=0x5f9210, ppEnum=0x1c94e910 | out: ppEnum=0x1c94e910*=0x1ae76580) returned 0x0 [0238.842] IUnknown:QueryInterface (in: This=0x1ae76580, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e568 | out: ppvObject=0x1c94e568*=0x1ae76588) returned 0x0 [0238.842] IClientSecurity:QueryBlanket (in: This=0x1ae76588, pProxy=0x1ae76580, pAuthnSvc=0x1c94e560, pAuthzSvc=0x1c94e55c, pServerPrincName=0x1c94e588, pAuthnLevel=0x1c94e558, pImpLevel=0x1c94e574, pAuthInfo=0x1c94e598, pCapabilites=0x1c94e570 | out: pAuthnSvc=0x1c94e560*=0xa, pAuthzSvc=0x1c94e55c*=0x0, pServerPrincName=0x1c94e588, pAuthnLevel=0x1c94e558*=0x6, pImpLevel=0x1c94e574*=0x2, pAuthInfo=0x1c94e598, pCapabilites=0x1c94e570*=0x1) returned 0x0 [0238.842] IUnknown:Release (This=0x1ae76588) returned 0x1 [0238.842] IUnknown:QueryInterface (in: This=0x1ae76580, riid=0x7ffb853a1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e508 | out: ppvObject=0x1c94e508*=0x1c089a68) returned 0x0 [0238.842] IUnknown:QueryInterface (in: This=0x1ae76580, riid=0x7ffb853a1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e498 | out: ppvObject=0x1c94e498*=0x1ae76588) returned 0x0 [0238.842] IClientSecurity:SetBlanket (This=0x1ae76588, pProxy=0x1ae76580, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0238.844] IUnknown:Release (This=0x1ae76588) returned 0x2 [0238.844] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x1 [0238.844] CoTaskMemFree (pv=0x1af51750) [0238.844] IUnknown:QueryInterface (in: This=0x1ae76580, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94e130 | out: ppvObject=0x1c94e130*=0x1c089a68) returned 0x0 [0238.845] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94e1b0 | out: ppvObject=0x1c94e1b0*=0x0) returned 0x80004002 [0238.845] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94df48 | out: ppvObject=0x1c94df48*=0x0) returned 0x80004002 [0238.846] WbemLocator:IUnknown:AddRef (This=0x1c089a68) returned 0x3 [0238.846] CoGetContextToken (in: pToken=0x1c94de00 | out: pToken=0x1c94de00) returned 0x0 [0238.846] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94ddc0 | out: ppvObject=0x1c94ddc0*=0x1c089948) returned 0x0 [0238.847] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1c089948, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c94ddf0 | out: pCid=0x1c94ddf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0238.847] WbemLocator:IUnknown:Release (This=0x1c089948) returned 0x3 [0238.847] CoGetContextToken (in: pToken=0x1c94ddd0 | out: pToken=0x1c94ddd0) returned 0x0 [0238.847] WbemLocator:IUnknown:AddRef (This=0x1c089a68) returned 0x4 [0238.847] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dee8 | out: ppvObject=0x1c94dee8*=0x1c089a30) returned 0x0 [0238.847] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x4 [0238.848] WbemLocator:IRpcOptions:Query (in: This=0x1c089a30, pPrx=0x1c089a68, dwProperty=2, pdwValue=0x1c94df58 | out: pdwValue=0x1c94df58) returned 0x80004002 [0238.848] WbemLocator:IUnknown:Release (This=0x1c089a30) returned 0x3 [0238.848] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x2 [0238.848] CoGetContextToken (in: pToken=0x1c94e2d0 | out: pToken=0x1c94e2d0) returned 0x0 [0238.848] CoGetContextToken (in: pToken=0x1c94e210 | out: pToken=0x1c94e210) returned 0x0 [0238.848] WbemLocator:IUnknown:AddRef (This=0x1c089a68) returned 0x3 [0238.848] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x1c94e350*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c94e330 | out: ppvObject=0x1c94e330*=0x1ae76580) returned 0x0 [0238.848] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x3 [0238.848] IUnknown:Release (This=0x1ae76580) returned 0x2 [0238.849] IUnknown:Release (This=0x1ae76580) returned 0x1 [0238.849] IUnknown:Release (This=0x5f9210) returned 0x2 [0238.849] SysStringLen (param_1=0x0) returned 0x0 [0238.886] CoGetContextToken (in: pToken=0x1c94e750 | out: pToken=0x1c94e750) returned 0x0 [0238.886] CoGetContextToken (in: pToken=0x1c94e690 | out: pToken=0x1c94e690) returned 0x0 [0238.886] WbemLocator:IUnknown:AddRef (This=0x1c089a68) returned 0x2 [0238.886] WbemLocator:IUnknown:QueryInterface (in: This=0x1c089a68, riid=0x1c94e7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c94e7b0 | out: ppvObject=0x1c94e7b0*=0x1ae76580) returned 0x0 [0238.887] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x2 [0238.887] IUnknown:AddRef (This=0x1ae76580) returned 0x3 [0238.887] IEnumWbemClassObject:Reset (This=0x1ae76580) returned 0x0 [0238.888] IUnknown:Release (This=0x1ae76580) returned 0x2 [0238.996] CoTaskMemAlloc (cb=0x8) returned 0x1af2a820 [0238.996] IEnumWbemClassObject:Next (in: This=0x1ae76580, lTimeout=-1, uCount=0x1, apObjects=0x1af2a820, puReturned=0x1c94e9d8 | out: apObjects=0x1af2a820*=0x1af56cb0, puReturned=0x1c94e9d8*=0x1) returned 0x0 [0238.999] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dd00 | out: ppvObject=0x1c94dd00*=0x1af56cb0) returned 0x0 [0239.000] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x7ffb7330d840*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c94dd80 | out: ppvObject=0x1c94dd80*=0x0) returned 0x80004002 [0239.000] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x7ffb7330d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c94db18 | out: ppvObject=0x1c94db18*=0x0) returned 0x80004002 [0239.000] IUnknown:AddRef (This=0x1af56cb0) returned 0x3 [0239.000] CoGetContextToken (in: pToken=0x1c94d9d0 | out: pToken=0x1c94d9d0) returned 0x0 [0239.000] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x7ffb7330d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94d990 | out: ppvObject=0x1c94d990*=0x1af56cb8) returned 0x0 [0239.001] IMarshal:GetUnmarshalClass (in: This=0x1af56cb8, riid=0x7ffb7330d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c94d9c0 | out: pCid=0x1c94d9c0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0239.001] IUnknown:Release (This=0x1af56cb8) returned 0x3 [0239.001] CoGetContextToken (in: pToken=0x1c94d9a0 | out: pToken=0x1c94d9a0) returned 0x0 [0239.001] IUnknown:AddRef (This=0x1af56cb0) returned 0x4 [0239.001] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x7ffb7330d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94dab8 | out: ppvObject=0x1c94dab8*=0x0) returned 0x80004002 [0239.001] IUnknown:Release (This=0x1af56cb0) returned 0x3 [0239.002] IUnknown:Release (This=0x1af56cb0) returned 0x2 [0239.002] CoGetContextToken (in: pToken=0x1c94de60 | out: pToken=0x1c94de60) returned 0x0 [0239.002] IIDFromString (in: lpsz="{DC12A681-737F-11CF-884D-00AA004B2E24}", lpiid=0x1c94dee0 | out: lpiid=0x1c94dee0) returned 0x0 [0239.002] CoGetContextToken (in: pToken=0x1c94dda0 | out: pToken=0x1c94dda0) returned 0x0 [0239.002] IUnknown:AddRef (This=0x1af56cb0) returned 0x3 [0239.002] IUnknown:QueryInterface (in: This=0x1af56cb0, riid=0x1c94dee0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c94dec0 | out: ppvObject=0x1c94dec0*=0x1af56cb0) returned 0x0 [0239.002] IUnknown:Release (This=0x1af56cb0) returned 0x3 [0239.003] IUnknown:Release (This=0x1af56cb0) returned 0x2 [0239.003] IUnknown:Release (This=0x1af56cb0) returned 0x1 [0239.003] CoTaskMemFree (pv=0x1af2a820) [0239.003] CoGetContextToken (in: pToken=0x1c94e7e0 | out: pToken=0x1c94e7e0) returned 0x0 [0239.003] IUnknown:AddRef (This=0x1af56cb0) returned 0x2 [0239.125] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\WBEM\\.NET", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c94ca08 | out: phkResult=0x1c94ca08*=0x0) returned 0x2 [0239.125] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\WBEM", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c94ca08 | out: phkResult=0x1c94ca08*=0x524) returned 0x0 [0239.378] IWbemClassObject:Get (in: This=0x1af56cb0, wszName="__GENUS", lFlags=0, pVal=0x1c94e950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e94c*=0, plFlavor=0x1c94e948*=0 | out: pVal=0x1c94e950*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c94e94c*=3, plFlavor=0x1c94e948*=64) returned 0x0 [0239.787] IWbemClassObject:Get (in: This=0x1af56cb0, wszName="__PATH", lFlags=0, pVal=0x1c94e8f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e8ec*=0, plFlavor=0x1c94e8e8*=0 | out: pVal=0x1c94e8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e8ec*=8, plFlavor=0x1c94e8e8*=64) returned 0x0 [0239.796] IWbemClassObject:Get (in: This=0x1af56cb0, wszName="__RELPATH", lFlags=0, pVal=0x1c94e8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e8ec*=8, plFlavor=0x1c94e8e8*=64 | out: pVal=0x1c94e8f0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e8ec*=8, plFlavor=0x1c94e8e8*=64) returned 0x0 [0239.835] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e920 | out: puCount=0x1c94e920*=0x2) returned 0x0 [0239.835] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e920*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e920*=0x19, pszText=0x0) returned 0x0 [0239.835] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e920*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e920*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.215] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1ae729f0, puCount=0x1c94e8f0 | out: puCount=0x1c94e8f0*=0x2) returned 0x0 [0240.215] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x1c94e8f0*=0x19, pszText=0x0) returned 0x0 [0240.215] WbemDefPath:IWbemPath:GetText (in: This=0x1ae729f0, lFlags=4, puBuffLength=0x1c94e8f0*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x1c94e8f0*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0240.346] IWbemClassObject:Get (in: This=0x1af56cb0, wszName="DisplayName", lFlags=0, pVal=0x1c94e910*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e90c*=0, plFlavor=0x1c94e908*=0 | out: pVal=0x1c94e910*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x1c94e90c*=8, plFlavor=0x1c94e908*=0) returned 0x0 [0240.347] SysStringLen (param_1="Windows Defender") returned 0x10 [0240.347] IWbemClassObject:Get (in: This=0x1af56cb0, wszName="DisplayName", lFlags=0, pVal=0x1c94e960*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c94e95c*=8, plFlavor=0x1c94e958*=0 | out: pVal=0x1c94e960*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x1c94e95c*=8, plFlavor=0x1c94e958*=0) returned 0x0 [0240.347] SysStringLen (param_1="Windows Defender") returned 0x10 [0240.487] CoGetContextToken (in: pToken=0x1c94e6e0 | out: pToken=0x1c94e6e0) returned 0x0 [0240.487] WbemLocator:IUnknown:Release (This=0x1c089a68) returned 0x1 [0240.487] IUnknown:Release (This=0x1ae76580) returned 0x0 [0240.739] SetEvent (hEvent=0x4bc) returned 1 [0240.741] GetForegroundWindow () returned 0x10080 [0240.741] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.741] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0240.741] CoTaskMemFree (pv=0x1c07c5c0) [0240.743] GetForegroundWindow () returned 0x10080 [0240.743] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.743] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0240.744] CoTaskMemFree (pv=0x1c07bf90) [0240.744] GetForegroundWindow () returned 0x10080 [0240.744] CoTaskMemAlloc (cb=0x204) returned 0x1c07b960 [0240.744] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b960, nMaxCount=256 | out: lpString="") returned 0 [0240.744] CoTaskMemFree (pv=0x1c07b960) [0240.744] GetForegroundWindow () returned 0x10080 [0240.744] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0240.744] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="") returned 0 [0240.744] CoTaskMemFree (pv=0x1c07c1a0) [0240.745] GetForegroundWindow () returned 0x100d4 [0240.745] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0240.745] EnumProcesses (in: lpidProcess=0x289f1d0, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x289f1d0, lpcbNeeded=0x1c94f2e0) returned 1 [0240.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x127e0b68, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x127e0b68, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.753] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.754] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.754] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.754] CoTaskMemFree (pv=0x1c07cbf0) [0240.754] GetForegroundWindow () returned 0x10080 [0240.754] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.754] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0240.754] CoTaskMemFree (pv=0x1c07bf90) [0240.755] GetForegroundWindow () returned 0x10080 [0240.757] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x67c [0240.757] EnumProcesses (in: lpidProcess=0x28bd640, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x28bd640, lpcbNeeded=0x1c94f2e0) returned 1 [0240.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12800fb8, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12800fb8, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.778] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.778] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.778] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0240.779] CoTaskMemFree (pv=0x1c07bf90) [0240.779] GetForegroundWindow () returned 0x10080 [0240.779] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.779] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.779] CoTaskMemFree (pv=0x1c07c3b0) [0240.780] GetForegroundWindow () returned 0x10080 [0240.780] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0240.780] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0240.780] CoTaskMemFree (pv=0x1c07b330) [0240.780] GetForegroundWindow () returned 0x100d4 [0240.780] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x650 [0240.781] EnumProcesses (in: lpidProcess=0x28dbdc8, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x28dbdc8, lpcbNeeded=0x1c94f2d0) returned 1 [0240.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12820fe8, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x12820fe8, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.789] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.791] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0240.791] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.792] CoTaskMemFree (pv=0x1c07c7d0) [0240.792] GetForegroundWindow () returned 0x10080 [0240.792] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0240.792] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0240.792] CoTaskMemFree (pv=0x1c07b120) [0240.792] GetForegroundWindow () returned 0x10080 [0240.792] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x67c [0240.793] EnumProcesses (in: lpidProcess=0x28fa238, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x28fa238, lpcbNeeded=0x1c94f2d0) returned 1 [0240.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12841018, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x12841018, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.794] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.794] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0240.794] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0240.795] CoTaskMemFree (pv=0x1c07b540) [0240.795] GetForegroundWindow () returned 0x10080 [0240.795] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.795] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.795] CoTaskMemFree (pv=0x1c07cbf0) [0240.795] GetForegroundWindow () returned 0x10080 [0240.796] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0240.796] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0240.796] CoTaskMemFree (pv=0x1c07bb70) [0240.796] GetForegroundWindow () returned 0x100d4 [0240.796] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0240.796] EnumProcesses (in: lpidProcess=0x2918948, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x2918948, lpcbNeeded=0x1c94f2e0) returned 1 [0240.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12861048, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12861048, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.804] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.807] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.807] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.807] CoTaskMemFree (pv=0x1c07bf90) [0240.807] GetForegroundWindow () returned 0x10080 [0240.807] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0240.807] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0240.808] CoTaskMemFree (pv=0x1c07ce00) [0240.808] GetForegroundWindow () returned 0x10080 [0240.808] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x67c [0240.808] EnumProcesses (in: lpidProcess=0x2936db8, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x2936db8, lpcbNeeded=0x1c94f2e0) returned 1 [0240.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12881078, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12881078, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.809] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.810] CoTaskMemAlloc (cb=0x204) returned 0x1c07b120 [0240.810] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b120, nMaxCount=256 | out: lpString="") returned 0 [0240.810] CoTaskMemFree (pv=0x1c07b120) [0240.811] GetForegroundWindow () returned 0x10080 [0240.811] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0240.811] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0240.811] CoTaskMemFree (pv=0x1c07ce00) [0240.811] GetForegroundWindow () returned 0x10080 [0240.811] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.811] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0240.812] CoTaskMemFree (pv=0x1c07c5c0) [0240.812] GetForegroundWindow () returned 0x100d4 [0240.812] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x650 [0240.812] EnumProcesses (in: lpidProcess=0x29554c8, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x29554c8, lpcbNeeded=0x1c94f2d0) returned 1 [0240.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128a10a8, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x128a10a8, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.821] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.821] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0240.821] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.821] CoTaskMemFree (pv=0x1c07bd80) [0240.822] GetForegroundWindow () returned 0x10080 [0240.824] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0240.824] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0240.825] CoTaskMemFree (pv=0x1c07bb70) [0240.825] GetLastInputInfo (in: plii=0x1c94f400 | out: plii=0x1c94f400*(cbSize=0x8, dwTime=0x16d0d)) returned 1 [0240.825] GetForegroundWindow () returned 0x10080 [0240.825] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x67c [0240.825] EnumProcesses (in: lpidProcess=0x29739f8, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x29739f8, lpcbNeeded=0x1c94f2d0) returned 1 [0240.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x128c10d8, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x128c10d8, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.834] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.837] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.837] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.837] CoTaskMemFree (pv=0x1c07cbf0) [0240.838] GetForegroundWindow () returned 0x10080 [0240.838] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.838] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.838] CoTaskMemFree (pv=0x1c07cbf0) [0240.839] GetForegroundWindow () returned 0x10080 [0240.839] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.839] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.839] CoTaskMemFree (pv=0x1c07cbf0) [0240.839] GetForegroundWindow () returned 0x100d4 [0240.839] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0240.839] EnumProcesses (in: lpidProcess=0x2992108, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x2992108, lpcbNeeded=0x1c94f2e0) returned 1 [0240.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1299d8c0, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x1299d8c0, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.868] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.868] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0240.868] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.868] CoTaskMemFree (pv=0x1c07bb70) [0240.869] GetForegroundWindow () returned 0x10080 [0240.869] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0240.869] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="") returned 0 [0240.869] CoTaskMemFree (pv=0x1c07bd80) [0240.869] GetForegroundWindow () returned 0x10080 [0240.869] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x67c [0240.869] EnumProcesses (in: lpidProcess=0x27c8468, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x27c8468, lpcbNeeded=0x1c94f2e0) returned 1 [0240.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129bd8f0, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x129bd8f0, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.883] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.886] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.886] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.886] CoTaskMemFree (pv=0x1c07c3b0) [0240.886] GetForegroundWindow () returned 0x10080 [0240.886] CoTaskMemAlloc (cb=0x204) returned 0x1c07c7d0 [0240.886] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c7d0, nMaxCount=256 | out: lpString="") returned 0 [0240.887] CoTaskMemFree (pv=0x1c07c7d0) [0240.887] GetForegroundWindow () returned 0x10080 [0240.887] CoTaskMemAlloc (cb=0x204) returned 0x1c07bf90 [0240.887] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bf90, nMaxCount=256 | out: lpString="") returned 0 [0240.887] CoTaskMemFree (pv=0x1c07bf90) [0240.887] GetForegroundWindow () returned 0x100d4 [0240.887] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x650 [0240.888] EnumProcesses (in: lpidProcess=0x27e7310, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x27e7310, lpcbNeeded=0x1c94f2d0) returned 1 [0240.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129dd920, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x129dd920, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.899] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.901] CoTaskMemAlloc (cb=0x204) returned 0x1c07c1a0 [0240.901] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c1a0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.902] CoTaskMemFree (pv=0x1c07c1a0) [0240.902] GetForegroundWindow () returned 0x10080 [0240.902] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.902] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.902] CoTaskMemFree (pv=0x1c07c3b0) [0240.903] GetForegroundWindow () returned 0x10080 [0240.903] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x67c [0240.903] EnumProcesses (in: lpidProcess=0x2805780, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x2805780, lpcbNeeded=0x1c94f2d0) returned 1 [0240.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x129fd950, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x129fd950, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.915] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.915] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.915] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="") returned 0 [0240.915] CoTaskMemFree (pv=0x1c07c5c0) [0240.916] GetForegroundWindow () returned 0x10080 [0240.916] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0240.916] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0240.918] CoTaskMemFree (pv=0x1c07b330) [0240.918] GetForegroundWindow () returned 0x10080 [0240.918] CoTaskMemAlloc (cb=0x204) returned 0x1c07bb70 [0240.919] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07bb70, nMaxCount=256 | out: lpString="") returned 0 [0240.919] CoTaskMemFree (pv=0x1c07bb70) [0240.919] GetForegroundWindow () returned 0x100d4 [0240.919] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0240.919] EnumProcesses (in: lpidProcess=0x2823e90, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x2823e90, lpcbNeeded=0x1c94f2e0) returned 1 [0240.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a1d980, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12a1d980, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.931] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.933] CoTaskMemAlloc (cb=0x204) returned 0x1c07c5c0 [0240.933] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07c5c0, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.933] CoTaskMemFree (pv=0x1c07c5c0) [0240.934] GetForegroundWindow () returned 0x10080 [0240.934] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0240.934] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0240.934] CoTaskMemFree (pv=0x1c07b330) [0240.935] GetForegroundWindow () returned 0x10080 [0240.935] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x67c [0240.935] EnumProcesses (in: lpidProcess=0x2842300, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x2842300, lpcbNeeded=0x1c94f2e0) returned 1 [0240.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a3d9b0, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x12a3d9b0, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0240.948] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0240.948] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0240.948] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="") returned 0 [0240.948] CoTaskMemFree (pv=0x1c07ce00) [0240.949] GetForegroundWindow () returned 0x10080 [0240.949] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0240.949] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0240.971] CoTaskMemFree (pv=0x1c07c3b0) [0240.971] GetForegroundWindow () returned 0x10080 [0240.972] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.972] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.972] CoTaskMemFree (pv=0x1c07cbf0) [0240.972] GetForegroundWindow () returned 0x100d4 [0240.972] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x650 [0240.972] EnumProcesses (in: lpidProcess=0x2861280, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x2861280, lpcbNeeded=0x1c94f2d0) returned 1 [0240.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a5d9e0, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x12a5d9e0, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0240.986] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0240.986] CoTaskMemAlloc (cb=0x204) returned 0x1c07ce00 [0240.986] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07ce00, nMaxCount=256 | out: lpString="FolderView") returned 10 [0240.986] CoTaskMemFree (pv=0x1c07ce00) [0240.987] GetForegroundWindow () returned 0x10080 [0240.987] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0240.987] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0240.987] CoTaskMemFree (pv=0x1c07cbf0) [0240.987] GetForegroundWindow () returned 0x10080 [0240.987] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1c94f3b0 | out: lpdwProcessId=0x1c94f3b0) returned 0x67c [0240.987] EnumProcesses (in: lpidProcess=0x287f6f0, cb=0x400, lpcbNeeded=0x1c94f2d0 | out: lpidProcess=0x287f6f0, lpcbNeeded=0x1c94f2d0) returned 1 [0240.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7da10, Length=0x20000, ResultLength=0x1c94f270 | out: SystemInformation=0x12a7da10, ResultLength=0x1c94f270*=0xfa08) returned 0x0 [0241.001] GetKeyboardLayout (idThread=0x67c) returned 0x4090409 [0241.001] CoTaskMemAlloc (cb=0x204) returned 0x1c07b540 [0241.001] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b540, nMaxCount=256 | out: lpString="") returned 0 [0241.001] CoTaskMemFree (pv=0x1c07b540) [0241.002] GetForegroundWindow () returned 0x10080 [0241.002] CoTaskMemAlloc (cb=0x204) returned 0x1c07c3b0 [0241.002] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07c3b0, nMaxCount=256 | out: lpString="") returned 0 [0241.002] CoTaskMemFree (pv=0x1c07c3b0) [0241.002] GetForegroundWindow () returned 0x10080 [0241.002] CoTaskMemAlloc (cb=0x204) returned 0x1c07cbf0 [0241.002] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07cbf0, nMaxCount=256 | out: lpString="") returned 0 [0241.003] CoTaskMemFree (pv=0x1c07cbf0) [0241.003] GetForegroundWindow () returned 0x100d4 [0241.003] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x1c94f3c0 | out: lpdwProcessId=0x1c94f3c0) returned 0x650 [0241.003] EnumProcesses (in: lpidProcess=0x289de00, cb=0x400, lpcbNeeded=0x1c94f2e0 | out: lpidProcess=0x289de00, lpcbNeeded=0x1c94f2e0) returned 1 [0241.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126b6e90, Length=0x20000, ResultLength=0x1c94f280 | out: SystemInformation=0x126b6e90, ResultLength=0x1c94f280*=0xfa08) returned 0x0 [0241.336] GetKeyboardLayout (idThread=0x650) returned 0x4090409 [0241.338] CoTaskMemAlloc (cb=0x204) returned 0x1c07bd80 [0241.338] GetWindowTextW (in: hWnd=0x100d4, lpString=0x1c07bd80, nMaxCount=256 | out: lpString="FolderView") returned 10 [0241.338] CoTaskMemFree (pv=0x1c07bd80) [0241.438] GetForegroundWindow () returned 0x10080 [0241.438] CoTaskMemAlloc (cb=0x204) returned 0x1c07b330 [0241.438] GetWindowTextW (in: hWnd=0x10080, lpString=0x1c07b330, nMaxCount=256 | out: lpString="") returned 0 [0241.439] CoTaskMemFree (pv=0x1c07b330) [0251.489] CoUninitialize () [0251.491] CoGetContextToken (in: pToken=0x1c94f9f0 | out: pToken=0x1c94f9f0) returned 0x0 [0251.492] IUnknown:QueryInterface (in: This=0x5e6f80, riid=0x7ffb7330d270*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94fa48 | out: ppvObject=0x1c94fa48*=0x5e6f98) returned 0x0 [0251.492] IComThreadingInfo:GetCurrentThreadType (in: This=0x5e6f98, pThreadType=0x1c94fae0 | out: pThreadType=0x1c94fae0*=0) returned 0x0 [0251.492] IUnknown:Release (This=0x5e6f98) returned 0x1 [0251.492] CoGetContextToken (in: pToken=0x1c94f900 | out: pToken=0x1c94f900) returned 0x0 [0251.492] IUnknown:QueryInterface (in: This=0x5e6f80, riid=0x7ffb7330d270*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c94f958 | out: ppvObject=0x1c94f958*=0x5e6f98) returned 0x0 [0251.493] IComThreadingInfo:GetCurrentThreadType (in: This=0x5e6f98, pThreadType=0x1c94f9f0 | out: pThreadType=0x1c94f9f0*=0) returned 0x0 [0251.493] IUnknown:Release (This=0x5e6f98) returned 0x1 Thread: id = 100 os_tid = 0x72c Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74d4a000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b258" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2458 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2459 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2460 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2461 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2462 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2463 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2464 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2465 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2466 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2467 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2468 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2469 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2470 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2471 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2472 start_va = 0x500000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2473 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2474 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2475 start_va = 0x5a0000 end_va = 0x5a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 2476 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2477 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2478 start_va = 0x5d0000 end_va = 0x5dcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 2479 start_va = 0x5e0000 end_va = 0x5e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2480 start_va = 0x5f0000 end_va = 0x5f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2481 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2482 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2483 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2484 start_va = 0xa20000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2485 start_va = 0xae0000 end_va = 0xb24fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 2486 start_va = 0xb30000 end_va = 0xb33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2487 start_va = 0xb40000 end_va = 0xb46fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 2488 start_va = 0xb50000 end_va = 0xb60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 2489 start_va = 0xb70000 end_va = 0xb71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 2490 start_va = 0xb80000 end_va = 0xb8cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2491 start_va = 0xb90000 end_va = 0xb91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 2492 start_va = 0xba0000 end_va = 0xba6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2493 start_va = 0xbb0000 end_va = 0xbb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 2494 start_va = 0xbc0000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 2495 start_va = 0xbd0000 end_va = 0xbd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2496 start_va = 0xbe0000 end_va = 0xbeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2497 start_va = 0xbf0000 end_va = 0xbf2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 2498 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2499 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2500 start_va = 0xd80000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 2501 start_va = 0xe90000 end_va = 0xe99fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 2502 start_va = 0xea0000 end_va = 0xeb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 2503 start_va = 0xec0000 end_va = 0xec6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 2504 start_va = 0xed0000 end_va = 0xee0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 2505 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 2506 start_va = 0x1000000 end_va = 0x1336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2507 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2508 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 2509 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 2510 start_va = 0x15c0000 end_va = 0x15d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 2511 start_va = 0x15e0000 end_va = 0x15f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 2512 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 2513 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2514 start_va = 0x1800000 end_va = 0x188dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2515 start_va = 0x1890000 end_va = 0x18a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 2516 start_va = 0x18b0000 end_va = 0x18c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 2517 start_va = 0x18d0000 end_va = 0x18e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 2518 start_va = 0x18f0000 end_va = 0x18f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 2519 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 2520 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 2521 start_va = 0x1b00000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 2522 start_va = 0x1b80000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 2523 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2524 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2525 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2526 start_va = 0x1f00000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 2527 start_va = 0x1f80000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 2528 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2529 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2530 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2531 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2532 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2533 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2534 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2535 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2536 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2537 start_va = 0x2900000 end_va = 0x29dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2538 start_va = 0x29e0000 end_va = 0x2a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 2539 start_va = 0x2a60000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 2540 start_va = 0x2ae0000 end_va = 0x2b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 2541 start_va = 0x2b60000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 2542 start_va = 0x2be0000 end_va = 0x2c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 2543 start_va = 0x2c60000 end_va = 0x2d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 2544 start_va = 0x2d60000 end_va = 0x2e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2545 start_va = 0x2e60000 end_va = 0x2f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 2546 start_va = 0x2f60000 end_va = 0x2fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 2547 start_va = 0x2ff0000 end_va = 0x2ff6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2548 start_va = 0x3000000 end_va = 0x3027fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 2549 start_va = 0x3030000 end_va = 0x3060fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 2550 start_va = 0x3070000 end_va = 0x3080fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 2551 start_va = 0x3090000 end_va = 0x30a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 2552 start_va = 0x30b0000 end_va = 0x30e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 2553 start_va = 0x30f0000 end_va = 0x3120fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 2554 start_va = 0x3160000 end_va = 0x325ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2555 start_va = 0x3260000 end_va = 0x32dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 2556 start_va = 0x3320000 end_va = 0x3326fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2557 start_va = 0x3330000 end_va = 0x342ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003330000" filename = "" Region: id = 2558 start_va = 0x3430000 end_va = 0x34affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 2559 start_va = 0x3500000 end_va = 0x3506fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 2560 start_va = 0x3510000 end_va = 0x358ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 2561 start_va = 0x3590000 end_va = 0x360ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 2562 start_va = 0x3610000 end_va = 0x368ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2563 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 2564 start_va = 0x3800000 end_va = 0x387ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 2565 start_va = 0x3880000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 2566 start_va = 0x3980000 end_va = 0x3a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003980000" filename = "" Region: id = 2567 start_va = 0x3b80000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 2568 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 2569 start_va = 0x3d80000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 2570 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 2571 start_va = 0x3f00000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 2572 start_va = 0x3f80000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 2573 start_va = 0x4080000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 2574 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 2575 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 2576 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 2577 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 2578 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 2579 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 2580 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2581 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 2582 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 2583 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 2584 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 2585 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 2586 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 2587 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 2588 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 2589 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2590 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2591 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2592 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2593 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 2594 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 2595 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2596 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2597 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 2598 start_va = 0x5a00000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 2599 start_va = 0x5b00000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 2600 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 2601 start_va = 0x5d00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 2602 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 2603 start_va = 0x5f00000 end_va = 0x5ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 2604 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 2605 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 2606 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 2607 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 2608 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 2609 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 2610 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 2611 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 2612 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 2613 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 2614 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 2615 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2616 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 2617 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 2618 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2619 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2620 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2621 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2622 start_va = 0x7ff771ac0000 end_va = 0x7ff771accfff monitored = 0 entry_point = 0x7ff771ac3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2623 start_va = 0x7ffb74ca0000 end_va = 0x7ffb74d1ffff monitored = 0 entry_point = 0x7ffb74ccd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2624 start_va = 0x7ffb74d20000 end_va = 0x7ffb74d55fff monitored = 0 entry_point = 0x7ffb74d227f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 2625 start_va = 0x7ffb74d60000 end_va = 0x7ffb74d70fff monitored = 0 entry_point = 0x7ffb74d67480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 2626 start_va = 0x7ffb74d80000 end_va = 0x7ffb74e03fff monitored = 0 entry_point = 0x7ffb74d98d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 2627 start_va = 0x7ffb74e10000 end_va = 0x7ffb74e4efff monitored = 0 entry_point = 0x7ffb74e382d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 2628 start_va = 0x7ffb74e50000 end_va = 0x7ffb74e65fff monitored = 0 entry_point = 0x7ffb74e555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2629 start_va = 0x7ffb74e70000 end_va = 0x7ffb74f45fff monitored = 0 entry_point = 0x7ffb74e9a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 2630 start_va = 0x7ffb75050000 end_va = 0x7ffb750b3fff monitored = 0 entry_point = 0x7ffb7506bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 2631 start_va = 0x7ffb750c0000 end_va = 0x7ffb750e4fff monitored = 0 entry_point = 0x7ffb750c9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2632 start_va = 0x7ffb750f0000 end_va = 0x7ffb75103fff monitored = 0 entry_point = 0x7ffb750f1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2633 start_va = 0x7ffb75110000 end_va = 0x7ffb75205fff monitored = 0 entry_point = 0x7ffb75149590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2634 start_va = 0x7ffb75210000 end_va = 0x7ffb75283fff monitored = 0 entry_point = 0x7ffb75225eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 2635 start_va = 0x7ffb75290000 end_va = 0x7ffb753c6fff monitored = 0 entry_point = 0x7ffb752d0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 2636 start_va = 0x7ffb753d0000 end_va = 0x7ffb753e5fff monitored = 0 entry_point = 0x7ffb753d1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 2637 start_va = 0x7ffb753f0000 end_va = 0x7ffb75405fff monitored = 0 entry_point = 0x7ffb753f1af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2638 start_va = 0x7ffb75410000 end_va = 0x7ffb75429fff monitored = 0 entry_point = 0x7ffb75412330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2639 start_va = 0x7ffb75450000 end_va = 0x7ffb7545cfff monitored = 0 entry_point = 0x7ffb75451420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2640 start_va = 0x7ffb75500000 end_va = 0x7ffb75510fff monitored = 0 entry_point = 0x7ffb75502fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2641 start_va = 0x7ffb75520000 end_va = 0x7ffb7553dfff monitored = 0 entry_point = 0x7ffb75523a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2642 start_va = 0x7ffb75540000 end_va = 0x7ffb755c1fff monitored = 0 entry_point = 0x7ffb75542a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2643 start_va = 0x7ffb75610000 end_va = 0x7ffb7561efff monitored = 0 entry_point = 0x7ffb75614960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 2644 start_va = 0x7ffb75a00000 end_va = 0x7ffb75a0bfff monitored = 0 entry_point = 0x7ffb75a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2645 start_va = 0x7ffb75a10000 end_va = 0x7ffb75a55fff monitored = 0 entry_point = 0x7ffb75a179a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 2646 start_va = 0x7ffb75a60000 end_va = 0x7ffb75a9ffff monitored = 0 entry_point = 0x7ffb75a6cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 2647 start_va = 0x7ffb75aa0000 end_va = 0x7ffb75ae6fff monitored = 0 entry_point = 0x7ffb75aa1d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 2648 start_va = 0x7ffb75af0000 end_va = 0x7ffb75b03fff monitored = 0 entry_point = 0x7ffb75af3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 2649 start_va = 0x7ffb75ba0000 end_va = 0x7ffb75bbdfff monitored = 0 entry_point = 0x7ffb75baef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 2650 start_va = 0x7ffb75be0000 end_va = 0x7ffb75c21fff monitored = 0 entry_point = 0x7ffb75be3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 2651 start_va = 0x7ffb75ed0000 end_va = 0x7ffb75ee7fff monitored = 0 entry_point = 0x7ffb75ed2000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2652 start_va = 0x7ffb75ef0000 end_va = 0x7ffb76071fff monitored = 0 entry_point = 0x7ffb75f082a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2653 start_va = 0x7ffb76080000 end_va = 0x7ffb7609efff monitored = 0 entry_point = 0x7ffb760837e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 2654 start_va = 0x7ffb760a0000 end_va = 0x7ffb76118fff monitored = 0 entry_point = 0x7ffb760a76a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 2655 start_va = 0x7ffb761f0000 end_va = 0x7ffb76207fff monitored = 0 entry_point = 0x7ffb761f4e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 2656 start_va = 0x7ffb76210000 end_va = 0x7ffb76234fff monitored = 0 entry_point = 0x7ffb76215ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 2657 start_va = 0x7ffb76250000 end_va = 0x7ffb76290fff monitored = 0 entry_point = 0x7ffb76253750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 2658 start_va = 0x7ffb762a0000 end_va = 0x7ffb76392fff monitored = 0 entry_point = 0x7ffb762c5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2659 start_va = 0x7ffb763d0000 end_va = 0x7ffb76472fff monitored = 0 entry_point = 0x7ffb763d2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2660 start_va = 0x7ffb76480000 end_va = 0x7ffb764d1fff monitored = 0 entry_point = 0x7ffb76485770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2661 start_va = 0x7ffb76500000 end_va = 0x7ffb7652dfff monitored = 1 entry_point = 0x7ffb76502300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 2662 start_va = 0x7ffb76530000 end_va = 0x7ffb7658dfff monitored = 0 entry_point = 0x7ffb76535080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 2663 start_va = 0x7ffb76590000 end_va = 0x7ffb765affff monitored = 0 entry_point = 0x7ffb76591f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 2664 start_va = 0x7ffb765b0000 end_va = 0x7ffb765b8fff monitored = 0 entry_point = 0x7ffb765b18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 2665 start_va = 0x7ffb765c0000 end_va = 0x7ffb765d0fff monitored = 0 entry_point = 0x7ffb765c1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 2666 start_va = 0x7ffb766f0000 end_va = 0x7ffb7673bfff monitored = 0 entry_point = 0x7ffb76705310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 2667 start_va = 0x7ffb76740000 end_va = 0x7ffb767befff monitored = 0 entry_point = 0x7ffb76757110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2668 start_va = 0x7ffb767c0000 end_va = 0x7ffb767fbfff monitored = 0 entry_point = 0x7ffb767c6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 2669 start_va = 0x7ffb768f0000 end_va = 0x7ffb76924fff monitored = 0 entry_point = 0x7ffb768fa270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2670 start_va = 0x7ffb7b0a0000 end_va = 0x7ffb7b0b3fff monitored = 0 entry_point = 0x7ffb7b0a5080 region_type = mapped_file name = "windows.staterepositorybroker.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll") Region: id = 2671 start_va = 0x7ffb7bdd0000 end_va = 0x7ffb7be0ffff monitored = 0 entry_point = 0x7ffb7bde6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2672 start_va = 0x7ffb7be10000 end_va = 0x7ffb7be18fff monitored = 0 entry_point = 0x7ffb7be121d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2673 start_va = 0x7ffb7c1f0000 end_va = 0x7ffb7c283fff monitored = 0 entry_point = 0x7ffb7c229210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 2674 start_va = 0x7ffb7c290000 end_va = 0x7ffb7c532fff monitored = 0 entry_point = 0x7ffb7c2b6190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 2675 start_va = 0x7ffb7e480000 end_va = 0x7ffb7e4c3fff monitored = 0 entry_point = 0x7ffb7e48c010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 2676 start_va = 0x7ffb7e9b0000 end_va = 0x7ffb7e9c1fff monitored = 0 entry_point = 0x7ffb7e9b3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2677 start_va = 0x7ffb7ea60000 end_va = 0x7ffb7ea70fff monitored = 0 entry_point = 0x7ffb7ea628d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 2678 start_va = 0x7ffb7ea80000 end_va = 0x7ffb7eb1afff monitored = 0 entry_point = 0x7ffb7ea87220 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 2679 start_va = 0x7ffb7ef80000 end_va = 0x7ffb7ef89fff monitored = 0 entry_point = 0x7ffb7ef814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2680 start_va = 0x7ffb7f030000 end_va = 0x7ffb7f03dfff monitored = 0 entry_point = 0x7ffb7f031460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2681 start_va = 0x7ffb7f0e0000 end_va = 0x7ffb7f0effff monitored = 0 entry_point = 0x7ffb7f0e1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 2682 start_va = 0x7ffb7f0f0000 end_va = 0x7ffb7f0f8fff monitored = 0 entry_point = 0x7ffb7f0f1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 2683 start_va = 0x7ffb7f100000 end_va = 0x7ffb7f12cfff monitored = 0 entry_point = 0x7ffb7f102290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 2684 start_va = 0x7ffb7f130000 end_va = 0x7ffb7f181fff monitored = 0 entry_point = 0x7ffb7f1338e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 2685 start_va = 0x7ffb7f190000 end_va = 0x7ffb7f24ffff monitored = 0 entry_point = 0x7ffb7f1bfd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2686 start_va = 0x7ffb7f250000 end_va = 0x7ffb7f264fff monitored = 0 entry_point = 0x7ffb7f252dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2687 start_va = 0x7ffb7f400000 end_va = 0x7ffb7f413fff monitored = 0 entry_point = 0x7ffb7f402d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2688 start_va = 0x7ffb7f8b0000 end_va = 0x7ffb7f8c8fff monitored = 0 entry_point = 0x7ffb7f8b4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2689 start_va = 0x7ffb7fad0000 end_va = 0x7ffb7fb69fff monitored = 0 entry_point = 0x7ffb7faeada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 2690 start_va = 0x7ffb7fb80000 end_va = 0x7ffb7fbe6fff monitored = 0 entry_point = 0x7ffb7fb863e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2691 start_va = 0x7ffb7fc40000 end_va = 0x7ffb7fc4afff monitored = 0 entry_point = 0x7ffb7fc41d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2692 start_va = 0x7ffb7fca0000 end_va = 0x7ffb7fcb9fff monitored = 0 entry_point = 0x7ffb7fca2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2693 start_va = 0x7ffb7fcc0000 end_va = 0x7ffb7fcd5fff monitored = 0 entry_point = 0x7ffb7fcc19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2694 start_va = 0x7ffb7fd30000 end_va = 0x7ffb7fd67fff monitored = 0 entry_point = 0x7ffb7fd48cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2695 start_va = 0x7ffb7ff80000 end_va = 0x7ffb7ffc0fff monitored = 0 entry_point = 0x7ffb7ff84840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 2696 start_va = 0x7ffb80370000 end_va = 0x7ffb8041dfff monitored = 0 entry_point = 0x7ffb803880c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2697 start_va = 0x7ffb80420000 end_va = 0x7ffb80431fff monitored = 0 entry_point = 0x7ffb80429260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 2698 start_va = 0x7ffb80440000 end_va = 0x7ffb804f0fff monitored = 0 entry_point = 0x7ffb804b88b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 2699 start_va = 0x7ffb80500000 end_va = 0x7ffb80524fff monitored = 0 entry_point = 0x7ffb80512f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 2700 start_va = 0x7ffb80530000 end_va = 0x7ffb80540fff monitored = 0 entry_point = 0x7ffb80537ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 2701 start_va = 0x7ffb80550000 end_va = 0x7ffb8055bfff monitored = 0 entry_point = 0x7ffb80552830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2702 start_va = 0x7ffb80560000 end_va = 0x7ffb80579fff monitored = 0 entry_point = 0x7ffb80562cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 2703 start_va = 0x7ffb80580000 end_va = 0x7ffb80596fff monitored = 0 entry_point = 0x7ffb80585630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2704 start_va = 0x7ffb805a0000 end_va = 0x7ffb805abfff monitored = 0 entry_point = 0x7ffb805a14d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 2705 start_va = 0x7ffb805b0000 end_va = 0x7ffb80604fff monitored = 0 entry_point = 0x7ffb805b3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2706 start_va = 0x7ffb80610000 end_va = 0x7ffb80646fff monitored = 0 entry_point = 0x7ffb80616020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 2707 start_va = 0x7ffb80650000 end_va = 0x7ffb8066ffff monitored = 0 entry_point = 0x7ffb806539a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 2708 start_va = 0x7ffb80670000 end_va = 0x7ffb80755fff monitored = 0 entry_point = 0x7ffb8068cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 2709 start_va = 0x7ffb807f0000 end_va = 0x7ffb808b7fff monitored = 0 entry_point = 0x7ffb808313f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2710 start_va = 0x7ffb808c0000 end_va = 0x7ffb80920fff monitored = 0 entry_point = 0x7ffb808c4b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2711 start_va = 0x7ffb80930000 end_va = 0x7ffb80aabfff monitored = 0 entry_point = 0x7ffb80981650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 2712 start_va = 0x7ffb80ab0000 end_va = 0x7ffb80abafff monitored = 0 entry_point = 0x7ffb80ab1770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 2713 start_va = 0x7ffb81070000 end_va = 0x7ffb813f1fff monitored = 0 entry_point = 0x7ffb810c1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2714 start_va = 0x7ffb81400000 end_va = 0x7ffb81535fff monitored = 0 entry_point = 0x7ffb8142f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2715 start_va = 0x7ffb82580000 end_va = 0x7ffb82628fff monitored = 0 entry_point = 0x7ffb825a9010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 2716 start_va = 0x7ffb82630000 end_va = 0x7ffb8273dfff monitored = 0 entry_point = 0x7ffb8267eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2717 start_va = 0x7ffb82a40000 end_va = 0x7ffb82ab9fff monitored = 0 entry_point = 0x7ffb82a67630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2718 start_va = 0x7ffb82ac0000 end_va = 0x7ffb82ad2fff monitored = 0 entry_point = 0x7ffb82ac57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 2719 start_va = 0x7ffb82ae0000 end_va = 0x7ffb82b0dfff monitored = 0 entry_point = 0x7ffb82ae7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 2720 start_va = 0x7ffb82b10000 end_va = 0x7ffb82b4dfff monitored = 0 entry_point = 0x7ffb82b1a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2721 start_va = 0x7ffb82b50000 end_va = 0x7ffb82b76fff monitored = 0 entry_point = 0x7ffb82b53bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 2722 start_va = 0x7ffb82b80000 end_va = 0x7ffb82b95fff monitored = 0 entry_point = 0x7ffb82b81b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2723 start_va = 0x7ffb82ba0000 end_va = 0x7ffb82c03fff monitored = 0 entry_point = 0x7ffb82bb5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2724 start_va = 0x7ffb82c10000 end_va = 0x7ffb82c64fff monitored = 0 entry_point = 0x7ffb82c1fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 2725 start_va = 0x7ffb82ec0000 end_va = 0x7ffb82f51fff monitored = 0 entry_point = 0x7ffb82f0a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2726 start_va = 0x7ffb83000000 end_va = 0x7ffb8300cfff monitored = 0 entry_point = 0x7ffb83002ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 2727 start_va = 0x7ffb83010000 end_va = 0x7ffb8303efff monitored = 0 entry_point = 0x7ffb83018910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 2728 start_va = 0x7ffb83040000 end_va = 0x7ffb8304ffff monitored = 0 entry_point = 0x7ffb83042c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2729 start_va = 0x7ffb83050000 end_va = 0x7ffb83091fff monitored = 0 entry_point = 0x7ffb830527d0 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 2730 start_va = 0x7ffb830a0000 end_va = 0x7ffb8310dfff monitored = 0 entry_point = 0x7ffb830a7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 2731 start_va = 0x7ffb83110000 end_va = 0x7ffb83120fff monitored = 0 entry_point = 0x7ffb83113320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2732 start_va = 0x7ffb83130000 end_va = 0x7ffb83170fff monitored = 0 entry_point = 0x7ffb83147eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 2733 start_va = 0x7ffb83180000 end_va = 0x7ffb8327bfff monitored = 0 entry_point = 0x7ffb831b6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 2734 start_va = 0x7ffb83280000 end_va = 0x7ffb8333efff monitored = 0 entry_point = 0x7ffb832a1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2735 start_va = 0x7ffb83370000 end_va = 0x7ffb833a5fff monitored = 0 entry_point = 0x7ffb83380070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2736 start_va = 0x7ffb83c50000 end_va = 0x7ffb83c59fff monitored = 0 entry_point = 0x7ffb83c51660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2737 start_va = 0x7ffb83c60000 end_va = 0x7ffb83c77fff monitored = 0 entry_point = 0x7ffb83c65910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2738 start_va = 0x7ffb83c80000 end_va = 0x7ffb83dccfff monitored = 0 entry_point = 0x7ffb83cc3da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2739 start_va = 0x7ffb83fe0000 end_va = 0x7ffb83fe7fff monitored = 0 entry_point = 0x7ffb83fe13e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2740 start_va = 0x7ffb843d0000 end_va = 0x7ffb8448dfff monitored = 0 entry_point = 0x7ffb84412d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2741 start_va = 0x7ffb84880000 end_va = 0x7ffb848bffff monitored = 0 entry_point = 0x7ffb84891960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2742 start_va = 0x7ffb84b60000 end_va = 0x7ffb84ff2fff monitored = 0 entry_point = 0x7ffb84b6f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2743 start_va = 0x7ffb85000000 end_va = 0x7ffb85066fff monitored = 0 entry_point = 0x7ffb8501e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 2744 start_va = 0x7ffb850c0000 end_va = 0x7ffb85245fff monitored = 0 entry_point = 0x7ffb8510d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2745 start_va = 0x7ffb85250000 end_va = 0x7ffb8526bfff monitored = 0 entry_point = 0x7ffb852537a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2746 start_va = 0x7ffb85270000 end_va = 0x7ffb852a1fff monitored = 0 entry_point = 0x7ffb8527b0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2747 start_va = 0x7ffb852b0000 end_va = 0x7ffb852c2fff monitored = 0 entry_point = 0x7ffb852b2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2748 start_va = 0x7ffb854e0000 end_va = 0x7ffb85506fff monitored = 0 entry_point = 0x7ffb854e7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2749 start_va = 0x7ffb85530000 end_va = 0x7ffb855d9fff monitored = 0 entry_point = 0x7ffb85557910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2750 start_va = 0x7ffb855e0000 end_va = 0x7ffb856dffff monitored = 0 entry_point = 0x7ffb85620f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2751 start_va = 0x7ffb85770000 end_va = 0x7ffb8577bfff monitored = 0 entry_point = 0x7ffb85772480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 2752 start_va = 0x7ffb85840000 end_va = 0x7ffb85871fff monitored = 0 entry_point = 0x7ffb85852340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2753 start_va = 0x7ffb85ab0000 end_va = 0x7ffb85abbfff monitored = 0 entry_point = 0x7ffb85ab2790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2754 start_va = 0x7ffb85ac0000 end_va = 0x7ffb85ae3fff monitored = 0 entry_point = 0x7ffb85ac3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2755 start_va = 0x7ffb85c60000 end_va = 0x7ffb85d53fff monitored = 0 entry_point = 0x7ffb85c6a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2756 start_va = 0x7ffb85d60000 end_va = 0x7ffb85da8fff monitored = 0 entry_point = 0x7ffb85d6a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2757 start_va = 0x7ffb85e30000 end_va = 0x7ffb85e85fff monitored = 0 entry_point = 0x7ffb85e40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2758 start_va = 0x7ffb85f30000 end_va = 0x7ffb85f3bfff monitored = 0 entry_point = 0x7ffb85f327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2759 start_va = 0x7ffb86010000 end_va = 0x7ffb86040fff monitored = 0 entry_point = 0x7ffb86017d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2760 start_va = 0x7ffb86070000 end_va = 0x7ffb860e9fff monitored = 0 entry_point = 0x7ffb86091a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2761 start_va = 0x7ffb86130000 end_va = 0x7ffb86163fff monitored = 0 entry_point = 0x7ffb8614ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2762 start_va = 0x7ffb86170000 end_va = 0x7ffb86179fff monitored = 0 entry_point = 0x7ffb86171830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2763 start_va = 0x7ffb86280000 end_va = 0x7ffb8629efff monitored = 0 entry_point = 0x7ffb86285d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2764 start_va = 0x7ffb863f0000 end_va = 0x7ffb8644bfff monitored = 0 entry_point = 0x7ffb86406f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2765 start_va = 0x7ffb864a0000 end_va = 0x7ffb864b6fff monitored = 0 entry_point = 0x7ffb864a79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2766 start_va = 0x7ffb865c0000 end_va = 0x7ffb865cafff monitored = 0 entry_point = 0x7ffb865c19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2767 start_va = 0x7ffb86600000 end_va = 0x7ffb86620fff monitored = 0 entry_point = 0x7ffb86610250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2768 start_va = 0x7ffb86650000 end_va = 0x7ffb86689fff monitored = 0 entry_point = 0x7ffb86658d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2769 start_va = 0x7ffb86690000 end_va = 0x7ffb866b6fff monitored = 0 entry_point = 0x7ffb866a0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2770 start_va = 0x7ffb867a0000 end_va = 0x7ffb867ccfff monitored = 0 entry_point = 0x7ffb867b9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2771 start_va = 0x7ffb86930000 end_va = 0x7ffb86948fff monitored = 0 entry_point = 0x7ffb86935e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2772 start_va = 0x7ffb86950000 end_va = 0x7ffb86978fff monitored = 0 entry_point = 0x7ffb86964530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2773 start_va = 0x7ffb86980000 end_va = 0x7ffb86a18fff monitored = 0 entry_point = 0x7ffb869af4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2774 start_va = 0x7ffb86ac0000 end_va = 0x7ffb86ad3fff monitored = 0 entry_point = 0x7ffb86ac52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2775 start_va = 0x7ffb86ae0000 end_va = 0x7ffb86b2afff monitored = 0 entry_point = 0x7ffb86ae35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2776 start_va = 0x7ffb86b30000 end_va = 0x7ffb86b3efff monitored = 0 entry_point = 0x7ffb86b33210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2777 start_va = 0x7ffb86b40000 end_va = 0x7ffb86b4ffff monitored = 0 entry_point = 0x7ffb86b456e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2778 start_va = 0x7ffb86b50000 end_va = 0x7ffb86b66fff monitored = 0 entry_point = 0x7ffb86b51390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2779 start_va = 0x7ffb86b70000 end_va = 0x7ffb871b3fff monitored = 0 entry_point = 0x7ffb86d364b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2780 start_va = 0x7ffb871c0000 end_va = 0x7ffb87202fff monitored = 0 entry_point = 0x7ffb871d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2781 start_va = 0x7ffb87210000 end_va = 0x7ffb873f7fff monitored = 0 entry_point = 0x7ffb8723ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2782 start_va = 0x7ffb87400000 end_va = 0x7ffb87485fff monitored = 0 entry_point = 0x7ffb8740d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2783 start_va = 0x7ffb87490000 end_va = 0x7ffb87544fff monitored = 0 entry_point = 0x7ffb874d22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2784 start_va = 0x7ffb87600000 end_va = 0x7ffb87654fff monitored = 0 entry_point = 0x7ffb87617970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2785 start_va = 0x7ffb87660000 end_va = 0x7ffb876c9fff monitored = 0 entry_point = 0x7ffb87696d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2786 start_va = 0x7ffb876d0000 end_va = 0x7ffb87896fff monitored = 0 entry_point = 0x7ffb8772db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2787 start_va = 0x7ffb878a0000 end_va = 0x7ffb87cc8fff monitored = 0 entry_point = 0x7ffb878c8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2788 start_va = 0x7ffb87cf0000 end_va = 0x7ffb87d96fff monitored = 0 entry_point = 0x7ffb87cfb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2789 start_va = 0x7ffb87f60000 end_va = 0x7ffb881dcfff monitored = 0 entry_point = 0x7ffb88034970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2790 start_va = 0x7ffb88240000 end_va = 0x7ffb88382fff monitored = 0 entry_point = 0x7ffb88268210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2791 start_va = 0x7ffb88390000 end_va = 0x7ffb883fafff monitored = 0 entry_point = 0x7ffb883a90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2792 start_va = 0x7ffb88410000 end_va = 0x7ffb88417fff monitored = 0 entry_point = 0x7ffb88411ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2793 start_va = 0x7ffb88420000 end_va = 0x7ffb885a5fff monitored = 0 entry_point = 0x7ffb8846ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2794 start_va = 0x7ffb885b0000 end_va = 0x7ffb88601fff monitored = 0 entry_point = 0x7ffb885bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2795 start_va = 0x7ffb88650000 end_va = 0x7ffb886ecfff monitored = 0 entry_point = 0x7ffb886578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2796 start_va = 0x7ffb88760000 end_va = 0x7ffb88806fff monitored = 0 entry_point = 0x7ffb887758d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2797 start_va = 0x7ffb88810000 end_va = 0x7ffb88965fff monitored = 0 entry_point = 0x7ffb8881a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2798 start_va = 0x7ffb88970000 end_va = 0x7ffb88a8bfff monitored = 0 entry_point = 0x7ffb889b02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2799 start_va = 0x7ffb88bf0000 end_va = 0x7ffb8a14efff monitored = 0 entry_point = 0x7ffb88d511f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2800 start_va = 0x7ffb8a150000 end_va = 0x7ffb8a1abfff monitored = 0 entry_point = 0x7ffb8a16b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2801 start_va = 0x7ffb8a1b0000 end_va = 0x7ffb8a25cfff monitored = 0 entry_point = 0x7ffb8a1c81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2802 start_va = 0x7ffb8a370000 end_va = 0x7ffb8a3cafff monitored = 0 entry_point = 0x7ffb8a3838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2803 start_va = 0x7ffb8a3d0000 end_va = 0x7ffb8a490fff monitored = 0 entry_point = 0x7ffb8a3f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2804 start_va = 0x7ffb8a4a0000 end_va = 0x7ffb8a660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2808 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 2809 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 2842 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 2843 start_va = 0x7400000 end_va = 0x74fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007400000" filename = "" Region: id = 2844 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 2845 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2846 start_va = 0x7600000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007600000" filename = "" Region: id = 2847 start_va = 0x7700000 end_va = 0x77fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 2848 start_va = 0x7800000 end_va = 0x78fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007800000" filename = "" Region: id = 2849 start_va = 0x7900000 end_va = 0x79fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007900000" filename = "" Region: id = 2853 start_va = 0x7ffb74030000 end_va = 0x7ffb7414cfff monitored = 0 entry_point = 0x7ffb7405fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 2854 start_va = 0x7a00000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 2855 start_va = 0x3a80000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 2856 start_va = 0x7ffb85390000 end_va = 0x7ffb8539afff monitored = 0 entry_point = 0x7ffb85391de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 2857 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 2858 start_va = 0x7000000 end_va = 0x71a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 2859 start_va = 0x7b00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 2860 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 2861 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2862 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 2863 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 2864 start_va = 0x71a0000 end_va = 0x71a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071a0000" filename = "" Region: id = 2865 start_va = 0x7ffb84b40000 end_va = 0x7ffb84b53fff monitored = 0 entry_point = 0x7ffb84b42a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 2866 start_va = 0x71b0000 end_va = 0x72affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071b0000" filename = "" Region: id = 2867 start_va = 0x7ffb84b20000 end_va = 0x7ffb84b3efff monitored = 0 entry_point = 0x7ffb84b24960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 2868 start_va = 0x7ffb7f5c0000 end_va = 0x7ffb7f626fff monitored = 0 entry_point = 0x7ffb7f5cb160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2869 start_va = 0x7ffb7f9e0000 end_va = 0x7ffb7f9f4fff monitored = 0 entry_point = 0x7ffb7f9e3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 2870 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 2871 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 2872 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 2873 start_va = 0x520000 end_va = 0x530fff monitored = 0 entry_point = 0x52b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2874 start_va = 0x540000 end_va = 0x544fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 2875 start_va = 0x520000 end_va = 0x530fff monitored = 0 entry_point = 0x52b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2876 start_va = 0x3b00000 end_va = 0x3b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 2877 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2878 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 2879 start_va = 0x7ffb84b00000 end_va = 0x7ffb84b11fff monitored = 0 entry_point = 0x7ffb84b01a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2880 start_va = 0x7ffb7f250000 end_va = 0x7ffb7f264fff monitored = 0 entry_point = 0x7ffb7f252dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2881 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 2882 start_va = 0x7ffb7ea40000 end_va = 0x7ffb7ea5afff monitored = 0 entry_point = 0x7ffb7ea41040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2884 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 2885 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 2886 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 3251 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 3252 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 3253 start_va = 0x7ffb712c0000 end_va = 0x7ffb713cefff monitored = 0 entry_point = 0x7ffb712fc010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3254 start_va = 0x7ffb7f700000 end_va = 0x7ffb7f792fff monitored = 0 entry_point = 0x7ffb7f709680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 3255 start_va = 0x7ffb75bc0000 end_va = 0x7ffb75bc9fff monitored = 0 entry_point = 0x7ffb75bc1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3256 start_va = 0x520000 end_va = 0x521fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3257 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 3258 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 3259 start_va = 0x8500000 end_va = 0x85fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008500000" filename = "" Region: id = 3260 start_va = 0x8600000 end_va = 0x86fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008600000" filename = "" Region: id = 3261 start_va = 0x8700000 end_va = 0x87fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008700000" filename = "" Region: id = 3262 start_va = 0x8800000 end_va = 0x88fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008800000" filename = "" Region: id = 3263 start_va = 0x530000 end_va = 0x53bfff monitored = 0 entry_point = 0x532a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 3264 start_va = 0x540000 end_va = 0x544fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 3265 start_va = 0x8900000 end_va = 0x89fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008900000" filename = "" Region: id = 3266 start_va = 0x8a00000 end_va = 0x8afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a00000" filename = "" Region: id = 3267 start_va = 0x530000 end_va = 0x540fff monitored = 0 entry_point = 0x53b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 3268 start_va = 0x4180000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 3269 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 3270 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 3271 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Thread: id = 24 os_tid = 0xa44 Thread: id = 25 os_tid = 0xa28 Thread: id = 26 os_tid = 0x9f8 Thread: id = 27 os_tid = 0x9f4 Thread: id = 28 os_tid = 0x9f0 Thread: id = 29 os_tid = 0x9ec Thread: id = 30 os_tid = 0x9ac Thread: id = 31 os_tid = 0x99c Thread: id = 32 os_tid = 0x980 Thread: id = 33 os_tid = 0x974 Thread: id = 34 os_tid = 0x970 Thread: id = 35 os_tid = 0x958 Thread: id = 36 os_tid = 0x950 Thread: id = 37 os_tid = 0x934 Thread: id = 38 os_tid = 0x92c Thread: id = 39 os_tid = 0x91c Thread: id = 40 os_tid = 0x914 Thread: id = 41 os_tid = 0x910 Thread: id = 42 os_tid = 0x90c Thread: id = 43 os_tid = 0x904 Thread: id = 44 os_tid = 0x900 Thread: id = 45 os_tid = 0x8f8 Thread: id = 46 os_tid = 0x8f4 Thread: id = 47 os_tid = 0x8f0 Thread: id = 48 os_tid = 0x8ec Thread: id = 49 os_tid = 0x8e8 Thread: id = 50 os_tid = 0x898 Thread: id = 51 os_tid = 0x844 Thread: id = 52 os_tid = 0x82c Thread: id = 53 os_tid = 0x5e8 Thread: id = 54 os_tid = 0x65c Thread: id = 55 os_tid = 0x474 Thread: id = 56 os_tid = 0x5bc Thread: id = 57 os_tid = 0x538 Thread: id = 58 os_tid = 0x4a4 Thread: id = 59 os_tid = 0x4a0 Thread: id = 60 os_tid = 0x458 Thread: id = 61 os_tid = 0x448 Thread: id = 62 os_tid = 0x3ac Thread: id = 63 os_tid = 0x280 Thread: id = 64 os_tid = 0x258 Thread: id = 65 os_tid = 0x174 Thread: id = 66 os_tid = 0x14c Thread: id = 67 os_tid = 0x144 Thread: id = 68 os_tid = 0x148 Thread: id = 69 os_tid = 0x128 Thread: id = 70 os_tid = 0x124 Thread: id = 71 os_tid = 0x3f8 Thread: id = 72 os_tid = 0x3f4 Thread: id = 73 os_tid = 0x3e8 Thread: id = 74 os_tid = 0x3e0 Thread: id = 75 os_tid = 0x3d4 Thread: id = 76 os_tid = 0x37c Thread: id = 77 os_tid = 0x368 Thread: id = 79 os_tid = 0xb08 Thread: id = 80 os_tid = 0x30c Thread: id = 81 os_tid = 0x31c Thread: id = 82 os_tid = 0x2f4 Thread: id = 83 os_tid = 0x300 Thread: id = 84 os_tid = 0x314 Thread: id = 85 os_tid = 0x320 Thread: id = 86 os_tid = 0x318 Thread: id = 87 os_tid = 0x410 Thread: id = 88 os_tid = 0x564 Thread: id = 89 os_tid = 0x33c Thread: id = 90 os_tid = 0x2f8 Thread: id = 91 os_tid = 0x518 Thread: id = 92 os_tid = 0x2f0 Thread: id = 93 os_tid = 0xb1c Thread: id = 94 os_tid = 0x9c8 Thread: id = 95 os_tid = 0x580 Thread: id = 96 os_tid = 0x77c Thread: id = 97 os_tid = 0x9d4 Thread: id = 98 os_tid = 0x97c Thread: id = 99 os_tid = 0x9cc Thread: id = 101 os_tid = 0xaf4 Thread: id = 102 os_tid = 0xa34 Thread: id = 103 os_tid = 0xbdc Thread: id = 104 os_tid = 0x854 Thread: id = 105 os_tid = 0xa3c Thread: id = 106 os_tid = 0xaf0 Thread: id = 107 os_tid = 0x79c Thread: id = 108 os_tid = 0xb14 Thread: id = 109 os_tid = 0x180 Thread: id = 110 os_tid = 0x1c8 Thread: id = 111 os_tid = 0xbd8 Thread: id = 112 os_tid = 0x9dc Thread: id = 113 os_tid = 0x394 Thread: id = 114 os_tid = 0x740 Thread: id = 115 os_tid = 0x6e8 Thread: id = 116 os_tid = 0x678 Thread: id = 117 os_tid = 0x614