# Flog Txt Version 1
# Analyzer Version: 4.6.0
# Analyzer Build Date: Jul 8 2022 06:26:21
# Log Creation Date: 25.07.2022 10:21:53.561
Process:
id = "1"
image_name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
page_root = "0x44c41000"
os_pid = "0x9d0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x788"
cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe\" "
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 114
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 115
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 116
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 117
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 118
start_va = 0x100000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 119
start_va = 0x190000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 120
start_va = 0x2c0000
end_va = 0x37ffff
monitored = 1
entry_point = 0x37990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 121
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 122
start_va = 0x77150000
end_va = 0x772cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 123
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 124
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 125
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 126
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 127
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 128
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 129
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 269
start_va = 0x380000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 270
start_va = 0x74a40000
end_va = 0x74a7efff
monitored = 0
entry_point = 0x74a6e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 271
start_va = 0x749e0000
end_va = 0x74a3bfff
monitored = 0
entry_point = 0x74a1f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 272
start_va = 0x749d0000
end_va = 0x749d7fff
monitored = 0
entry_point = 0x749d20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 273
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 274
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 275
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 276
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076e50000"
filename = ""
Region:
id = 277
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 278
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d50000"
filename = ""
Region:
id = 279
start_va = 0x560000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 280
start_va = 0x74b40000
end_va = 0x74b89fff
monitored = 1
entry_point = 0x74b42e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 281
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 282
start_va = 0x74dc0000
end_va = 0x74e06fff
monitored = 0
entry_point = 0x74dc74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 283
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 284
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 285
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 286
start_va = 0x60000
end_va = 0xc6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 287
start_va = 0x380000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 288
start_va = 0x4e0000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 289
start_va = 0x380000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 290
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 291
start_va = 0x767e0000
end_va = 0x7687ffff
monitored = 0
entry_point = 0x767f49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 292
start_va = 0x752c0000
end_va = 0x7536bfff
monitored = 0
entry_point = 0x752ca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 293
start_va = 0x74e10000
end_va = 0x74e28fff
monitored = 0
entry_point = 0x74e14975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 294
start_va = 0x76450000
end_va = 0x7653ffff
monitored = 0
entry_point = 0x76460569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 295
start_va = 0x74ca0000
end_va = 0x74cfffff
monitored = 0
entry_point = 0x74cba3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 296
start_va = 0x74c90000
end_va = 0x74c9bfff
monitored = 0
entry_point = 0x74c910e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 297
start_va = 0x560000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 298
start_va = 0x6c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 299
start_va = 0x74ab0000
end_va = 0x74b3cfff
monitored = 1
entry_point = 0x74ac2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 300
start_va = 0x72d00000
end_va = 0x72d02fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 301
start_va = 0x76540000
end_va = 0x76596fff
monitored = 0
entry_point = 0x76559ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 302
start_va = 0x76ae0000
end_va = 0x76b6ffff
monitored = 0
entry_point = 0x76af6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 303
start_va = 0x74f70000
end_va = 0x7506ffff
monitored = 0
entry_point = 0x74f8b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 304
start_va = 0x77120000
end_va = 0x77129fff
monitored = 0
entry_point = 0x771236a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 305
start_va = 0x76740000
end_va = 0x767dcfff
monitored = 0
entry_point = 0x76773fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 306
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 307
start_va = 0x7c0000
end_va = 0x947fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 308
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 309
start_va = 0x769f0000
end_va = 0x76a4ffff
monitored = 0
entry_point = 0x76a0158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 310
start_va = 0x76380000
end_va = 0x7644bfff
monitored = 0
entry_point = 0x7638168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 311
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 312
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 313
start_va = 0x950000
end_va = 0xad0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000950000"
filename = ""
Region:
id = 314
start_va = 0xae0000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ae0000"
filename = ""
Region:
id = 315
start_va = 0x1ee0000
end_va = 0x1f9afff
monitored = 1
entry_point = 0x1f9990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 316
start_va = 0x1ee0000
end_va = 0x1f9afff
monitored = 1
entry_point = 0x1f9990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 317
start_va = 0x73ca0000
end_va = 0x73ca8fff
monitored = 0
entry_point = 0x73ca1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 318
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 319
start_va = 0x714f0000
end_va = 0x71c9efff
monitored = 1
entry_point = 0x7150d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 320
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 321
start_va = 0x74a90000
end_va = 0x74aa3fff
monitored = 0
entry_point = 0x74a9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 322
start_va = 0x71bf0000
end_va = 0x71c9afff
monitored = 0
entry_point = 0x71c85f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 323
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 324
start_va = 0xe0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 325
start_va = 0xf0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 326
start_va = 0x140000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 327
start_va = 0x150000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 328
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 329
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 330
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 331
start_va = 0x290000
end_va = 0x290fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 332
start_va = 0x1ee0000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 333
start_va = 0x2080000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 334
start_va = 0x670000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 335
start_va = 0x20a0000
end_va = 0x219ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020a0000"
filename = ""
Region:
id = 336
start_va = 0x2270000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 337
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 338
start_va = 0x2a0000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 339
start_va = 0x22b0000
end_va = 0x42affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022b0000"
filename = ""
Region:
id = 340
start_va = 0x560000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 341
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 342
start_va = 0x480000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 343
start_va = 0x1ef0000
end_va = 0x1feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ef0000"
filename = ""
Region:
id = 344
start_va = 0x2040000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002040000"
filename = ""
Region:
id = 345
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 346
start_va = 0x21f0000
end_va = 0x222ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 347
start_va = 0x4360000
end_va = 0x445ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004360000"
filename = ""
Region:
id = 348
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 349
start_va = 0x4460000
end_va = 0x472efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 350
start_va = 0x6fe30000
end_va = 0x7123afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 351
start_va = 0x75370000
end_va = 0x754cbfff
monitored = 0
entry_point = 0x753bba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 352
start_va = 0x73bb0000
end_va = 0x73c2ffff
monitored = 0
entry_point = 0x73bc37c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 353
start_va = 0x4730000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004730000"
filename = ""
Region:
id = 354
start_va = 0x4730000
end_va = 0x480efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004730000"
filename = ""
Region:
id = 355
start_va = 0x4810000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004810000"
filename = ""
Region:
id = 356
start_va = 0x2a0000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 357
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 358
start_va = 0x74a80000
end_va = 0x74a82fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 359
start_va = 0x71b60000
end_va = 0x71be8fff
monitored = 1
entry_point = 0x71b61130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 360
start_va = 0x76a50000
end_va = 0x76adefff
monitored = 0
entry_point = 0x76a53fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 361
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 362
start_va = 0x3b0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 363
start_va = 0x6f3d0000
end_va = 0x6fe24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 364
start_va = 0x719b0000
end_va = 0x71b52fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 365
start_va = 0x6e560000
end_va = 0x6f3c5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 366
start_va = 0x71400000
end_va = 0x719a3fff
monitored = 1
entry_point = 0x7198b692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 367
start_va = 0x390000
end_va = 0x391fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 368
start_va = 0x71990000
end_va = 0x719a2fff
monitored = 1
entry_point = 0x7199d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 369
start_va = 0x4850000
end_va = 0x4b21fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 370
start_va = 0x3a0000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 371
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 372
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 373
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 374
start_va = 0x420000
end_va = 0x42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 375
start_va = 0x430000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 376
start_va = 0x440000
end_va = 0x44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 377
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 378
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 379
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 380
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 381
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 382
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 383
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 384
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 385
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 386
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 387
start_va = 0x6dd40000
end_va = 0x6e557fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 388
start_va = 0x71880000
end_va = 0x71984fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 389
start_va = 0x6d5c0000
end_va = 0x6dd33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 390
start_va = 0x75730000
end_va = 0x76379fff
monitored = 0
entry_point = 0x757b1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 391
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 392
start_va = 0x73d60000
end_va = 0x73d6afff
monitored = 0
entry_point = 0x73d61992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 393
start_va = 0x3f0000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 394
start_va = 0x71860000
end_va = 0x71876fff
monitored = 0
entry_point = 0x718635fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 395
start_va = 0x73a70000
end_va = 0x73a86fff
monitored = 0
entry_point = 0x73a73573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 396
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x62128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 397
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x62128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 398
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x62128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 399
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x62128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 400
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x62128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 401
start_va = 0x73a30000
end_va = 0x73a6afff
monitored = 0
entry_point = 0x73a3128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 402
start_va = 0x42b0000
end_va = 0x4331fff
monitored = 0
entry_point = 0x42b19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 403
start_va = 0x42b0000
end_va = 0x4331fff
monitored = 0
entry_point = 0x42b19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 404
start_va = 0x717d0000
end_va = 0x71853fff
monitored = 0
entry_point = 0x717d19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 405
start_va = 0x4b30000
end_va = 0x4c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b30000"
filename = ""
Region:
id = 406
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 407
start_va = 0x420000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 408
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 409
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 410
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 411
start_va = 0x71640000
end_va = 0x717cffff
monitored = 0
entry_point = 0x716dd026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 412
start_va = 0x42b0000
end_va = 0x432ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000042b0000"
filename = ""
Region:
id = 413
start_va = 0x4b70000
end_va = 0x4baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b70000"
filename = ""
Region:
id = 414
start_va = 0x4c10000
end_va = 0x4c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c10000"
filename = ""
Region:
id = 415
start_va = 0x4d50000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d50000"
filename = ""
Region:
id = 416
start_va = 0x71630000
end_va = 0x71634fff
monitored = 0
entry_point = 0x716311d0
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll")
Region:
id = 417
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 418
start_va = 0x3f0000
end_va = 0x3f2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 419
start_va = 0x400000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "marlett.ttf"
filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf")
Region:
id = 420
start_va = 0x400000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "marlett.ttf"
filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf")
Region:
id = 421
start_va = 0x4c20000
end_va = 0x4cdcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 422
start_va = 0x4c20000
end_va = 0x4cdcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 423
start_va = 0x4e50000
end_va = 0x4f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 424
start_va = 0x4c20000
end_va = 0x4ca7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 425
start_va = 0x4c20000
end_va = 0x4ca7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 426
start_va = 0x4c20000
end_va = 0x4cd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 427
start_va = 0x4c20000
end_va = 0x4cd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 428
start_va = 0x4c20000
end_va = 0x4ca9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 429
start_va = 0x4c20000
end_va = 0x4ca9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 430
start_va = 0x4f50000
end_va = 0x5ed2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 431
start_va = 0x4f50000
end_va = 0x5ed2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 432
start_va = 0x4f50000
end_va = 0x5ed2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 433
start_va = 0x5ee0000
end_va = 0x60dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ee0000"
filename = ""
Region:
id = 434
start_va = 0x4f50000
end_va = 0x5ed2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 435
start_va = 0x4f50000
end_va = 0x5ed2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 436
start_va = 0x4c20000
end_va = 0x4ccdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cour.ttf"
filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf")
Region:
id = 437
start_va = 0x4c20000
end_va = 0x4ccdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cour.ttf"
filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf")
Region:
id = 438
start_va = 0x4c20000
end_va = 0x4cb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "couri.ttf"
filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf")
Region:
id = 439
start_va = 0x4c20000
end_va = 0x4cb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "couri.ttf"
filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf")
Region:
id = 440
start_va = 0x4c20000
end_va = 0x4ccdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbd.ttf"
filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf")
Region:
id = 441
start_va = 0x4c20000
end_va = 0x4ccdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbd.ttf"
filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf")
Region:
id = 442
start_va = 0x4c20000
end_va = 0x4ca1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbi.ttf"
filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf")
Region:
id = 443
start_va = 0x4c20000
end_va = 0x4ca1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbi.ttf"
filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf")
Region:
id = 444
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "daunpenh.ttf"
filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf")
Region:
id = 445
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "daunpenh.ttf"
filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf")
Region:
id = 446
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dokchamp.ttf"
filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf")
Region:
id = 447
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dokchamp.ttf"
filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf")
Region:
id = 448
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "estre.ttf"
filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf")
Region:
id = 449
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "estre.ttf"
filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf")
Region:
id = 450
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "euphemia.ttf"
filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf")
Region:
id = 451
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "euphemia.ttf"
filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf")
Region:
id = 452
start_va = 0x620000
end_va = 0x65efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautami.ttf"
filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf")
Region:
id = 453
start_va = 0x620000
end_va = 0x65efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautami.ttf"
filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf")
Region:
id = 454
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautamib.ttf"
filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf")
Region:
id = 455
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautamib.ttf"
filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf")
Region:
id = 456
start_va = 0x42b0000
end_va = 0x430efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vani.ttf"
filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf")
Region:
id = 457
start_va = 0x4320000
end_va = 0x432ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004320000"
filename = ""
Region:
id = 458
start_va = 0x42b0000
end_va = 0x430efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vani.ttf"
filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf")
Region:
id = 459
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vanib.ttf"
filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf")
Region:
id = 460
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vanib.ttf"
filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf")
Region:
id = 461
start_va = 0x4f50000
end_va = 0x5c35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 462
start_va = 0x4f50000
end_va = 0x5c35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 463
start_va = 0x4f50000
end_va = 0x5c35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 464
start_va = 0x4f50000
end_va = 0x5c35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 465
start_va = 0x60e0000
end_va = 0x64dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000060e0000"
filename = ""
Region:
id = 466
start_va = 0x4f50000
end_va = 0x5c35fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 467
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "impact.ttf"
filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf")
Region:
id = 468
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "impact.ttf"
filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf")
Region:
id = 469
start_va = 0x4c20000
end_va = 0x4ca5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpota.ttf"
filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf")
Region:
id = 470
start_va = 0x4c20000
end_va = 0x4ca5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpota.ttf"
filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf")
Region:
id = 471
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpotab.ttf"
filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf")
Region:
id = 472
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpotab.ttf"
filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf")
Region:
id = 473
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalinga.ttf"
filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf")
Region:
id = 474
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalinga.ttf"
filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf")
Region:
id = 475
start_va = 0x620000
end_va = 0x652fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalingab.ttf"
filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf")
Region:
id = 476
start_va = 0x620000
end_va = 0x652fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalingab.ttf"
filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf")
Region:
id = 477
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartika.ttf"
filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf")
Region:
id = 478
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartika.ttf"
filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf")
Region:
id = 479
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartikab.ttf"
filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf")
Region:
id = 480
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartikab.ttf"
filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf")
Region:
id = 481
start_va = 0x42b0000
end_va = 0x4300fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmerui.ttf"
filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf")
Region:
id = 482
start_va = 0x42b0000
end_va = 0x4300fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmerui.ttf"
filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf")
Region:
id = 483
start_va = 0x620000
end_va = 0x660fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmeruib.ttf"
filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf")
Region:
id = 484
start_va = 0x620000
end_va = 0x660fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmeruib.ttf"
filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf")
Region:
id = 485
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laoui.ttf"
filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf")
Region:
id = 486
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laoui.ttf"
filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf")
Region:
id = 487
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laouib.ttf"
filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf")
Region:
id = 488
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laouib.ttf"
filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf")
Region:
id = 489
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latha.ttf"
filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf")
Region:
id = 490
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latha.ttf"
filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf")
Region:
id = 491
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lathab.ttf"
filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf")
Region:
id = 492
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lathab.ttf"
filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf")
Region:
id = 493
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lucon.ttf"
filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf")
Region:
id = 494
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lucon.ttf"
filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf")
Region:
id = 495
start_va = 0x4f50000
end_va = 0x5372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 496
start_va = 0x4f50000
end_va = 0x5372fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 497
start_va = 0x4f50000
end_va = 0x539efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgunbd.ttf"
filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf")
Region:
id = 498
start_va = 0x4f50000
end_va = 0x539efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgunbd.ttf"
filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf")
Region:
id = 499
start_va = 0x620000
end_va = 0x652fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangal.ttf"
filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf")
Region:
id = 500
start_va = 0x620000
end_va = 0x652fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangal.ttf"
filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf")
Region:
id = 501
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangalb.ttf"
filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf")
Region:
id = 502
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangalb.ttf"
filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf")
Region:
id = 503
start_va = 0x4f50000
end_va = 0x5867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 504
start_va = 0x4f50000
end_va = 0x5867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 505
start_va = 0x4f50000
end_va = 0x5867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 506
start_va = 0x4f50000
end_va = 0x5867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 507
start_va = 0x4f50000
end_va = 0x5867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 508
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 509
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 510
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 511
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 512
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 513
start_va = 0x64e0000
end_va = 0x6cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000064e0000"
filename = ""
Region:
id = 514
start_va = 0x4c20000
end_va = 0x4cb4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "himalaya.ttf"
filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf")
Region:
id = 515
start_va = 0x4c20000
end_va = 0x4cb4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "himalaya.ttf"
filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf")
Region:
id = 516
start_va = 0x6ce0000
end_va = 0x8188fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 517
start_va = 0x6ce0000
end_va = 0x8188fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 518
start_va = 0x4f50000
end_va = 0x5d26fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttf"
filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf")
Region:
id = 519
start_va = 0x4f50000
end_va = 0x5d26fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttf"
filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf")
Region:
id = 520
start_va = 0x6ce0000
end_va = 0x81a2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 521
start_va = 0x6ce0000
end_va = 0x81a2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 522
start_va = 0x4f50000
end_va = 0x5d3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttf"
filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf")
Region:
id = 523
start_va = 0x4f50000
end_va = 0x5d3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttf"
filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf")
Region:
id = 524
start_va = 0x6ce0000
end_va = 0x8b99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 525
start_va = 0x6ce0000
end_va = 0x8b99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 526
start_va = 0x6ce0000
end_va = 0x8b99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 527
start_va = 0x6ce0000
end_va = 0x8b99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 528
start_va = 0x6ce0000
end_va = 0x8d1dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 529
start_va = 0x6ce0000
end_va = 0x8d1dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 530
start_va = 0x6ce0000
end_va = 0x8d1dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 531
start_va = 0x6ce0000
end_va = 0x8d1dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 532
start_va = 0x42b0000
end_va = 0x4307fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "monbaiti.ttf"
filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf")
Region:
id = 533
start_va = 0x42b0000
end_va = 0x4307fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "monbaiti.ttf"
filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf")
Region:
id = 534
start_va = 0x4f50000
end_va = 0x5810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 535
start_va = 0x4f50000
end_va = 0x5810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 536
start_va = 0x4f50000
end_va = 0x5810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 537
start_va = 0x4f50000
end_va = 0x5810fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 538
start_va = 0x4f50000
end_va = 0x58e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 539
start_va = 0x4f50000
end_va = 0x58e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 540
start_va = 0x4f50000
end_va = 0x58e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 541
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mvboli.ttf"
filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf")
Region:
id = 542
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mvboli.ttf"
filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf")
Region:
id = 543
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailu.ttf"
filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf")
Region:
id = 544
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailu.ttf"
filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf")
Region:
id = 545
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailub.ttf"
filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf")
Region:
id = 546
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailub.ttf"
filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf")
Region:
id = 547
start_va = 0x42b0000
end_va = 0x431afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nyala.ttf"
filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf")
Region:
id = 548
start_va = 0x42b0000
end_va = 0x431afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nyala.ttf"
filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf")
Region:
id = 549
start_va = 0x620000
end_va = 0x643fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspa.ttf"
filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf")
Region:
id = 550
start_va = 0x620000
end_va = 0x643fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspa.ttf"
filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf")
Region:
id = 551
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspab.ttf"
filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf")
Region:
id = 552
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspab.ttf"
filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf")
Region:
id = 553
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "plantc.ttf"
filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf")
Region:
id = 554
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "plantc.ttf"
filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf")
Region:
id = 555
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavi.ttf"
filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf")
Region:
id = 556
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavi.ttf"
filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf")
Region:
id = 557
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavib.ttf"
filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf")
Region:
id = 558
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavib.ttf"
filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf")
Region:
id = 559
start_va = 0x4c20000
end_va = 0x4cb7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoesc.ttf"
filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf")
Region:
id = 560
start_va = 0x4c20000
end_va = 0x4cb7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoesc.ttf"
filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf")
Region:
id = 561
start_va = 0x4c20000
end_va = 0x4cb3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoescb.ttf"
filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf")
Region:
id = 562
start_va = 0x4c20000
end_va = 0x4cb3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoescb.ttf"
filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf")
Region:
id = 563
start_va = 0x4c20000
end_va = 0x4c9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 564
start_va = 0x4c20000
end_va = 0x4c9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 565
start_va = 0x4c20000
end_va = 0x4c99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuib.ttf"
filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")
Region:
id = 566
start_va = 0x4c20000
end_va = 0x4c99fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuib.ttf"
filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")
Region:
id = 567
start_va = 0x42b0000
end_va = 0x430efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuii.ttf"
filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf")
Region:
id = 568
start_va = 0x42b0000
end_va = 0x430efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuii.ttf"
filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf")
Region:
id = 569
start_va = 0x42b0000
end_va = 0x4311fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuiz.ttf"
filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf")
Region:
id = 570
start_va = 0x42b0000
end_va = 0x4311fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuiz.ttf"
filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf")
Region:
id = 571
start_va = 0x42b0000
end_va = 0x4313fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 572
start_va = 0x42b0000
end_va = 0x4313fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 573
start_va = 0x42b0000
end_va = 0x4300fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 574
start_va = 0x42b0000
end_va = 0x4300fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 575
start_va = 0x4c20000
end_va = 0x4c9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisym.ttf"
filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf")
Region:
id = 576
start_va = 0x4c20000
end_va = 0x4c9efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisym.ttf"
filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf")
Region:
id = 577
start_va = 0x620000
end_va = 0x661fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shruti.ttf"
filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf")
Region:
id = 578
start_va = 0x620000
end_va = 0x661fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shruti.ttf"
filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf")
Region:
id = 579
start_va = 0x620000
end_va = 0x659fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shrutib.ttf"
filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf")
Region:
id = 580
start_va = 0x620000
end_va = 0x659fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shrutib.ttf"
filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf")
Region:
id = 581
start_va = 0x4f50000
end_va = 0x5dedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 582
start_va = 0x4f50000
end_va = 0x5dedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 583
start_va = 0x4f50000
end_va = 0x5dedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 584
start_va = 0x4f50000
end_va = 0x5e01fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsunb.ttf"
filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf")
Region:
id = 585
start_va = 0x4f50000
end_va = 0x5e01fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsunb.ttf"
filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf")
Region:
id = 586
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sylfaen.ttf"
filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf")
Region:
id = 587
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sylfaen.ttf"
filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf")
Region:
id = 588
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taile.ttf"
filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf")
Region:
id = 589
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taile.ttf"
filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf")
Region:
id = 590
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taileb.ttf"
filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf")
Region:
id = 591
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taileb.ttf"
filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf")
Region:
id = 592
start_va = 0x4c20000
end_va = 0x4cebfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 593
start_va = 0x4c20000
end_va = 0x4cebfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 594
start_va = 0x4c20000
end_va = 0x4cc1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 595
start_va = 0x4c20000
end_va = 0x4cc1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 596
start_va = 0x4c20000
end_va = 0x4cedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 597
start_va = 0x4c20000
end_va = 0x4cedfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 598
start_va = 0x4c20000
end_va = 0x4cb7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 599
start_va = 0x4c20000
end_va = 0x4cb7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 600
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tunga.ttf"
filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf")
Region:
id = 601
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tunga.ttf"
filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf")
Region:
id = 602
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tungab.ttf"
filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf")
Region:
id = 603
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tungab.ttf"
filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf")
Region:
id = 604
start_va = 0x620000
end_va = 0x65ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrinda.ttf"
filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf")
Region:
id = 605
start_va = 0x620000
end_va = 0x65ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrinda.ttf"
filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf")
Region:
id = 606
start_va = 0x620000
end_va = 0x65efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrindab.ttf"
filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf")
Region:
id = 607
start_va = 0x620000
end_va = 0x65efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrindab.ttf"
filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf")
Region:
id = 608
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonar.ttf"
filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf")
Region:
id = 609
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonar.ttf"
filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf")
Region:
id = 610
start_va = 0x620000
end_va = 0x669fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonarb.ttf"
filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf")
Region:
id = 611
start_va = 0x620000
end_va = 0x669fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonarb.ttf"
filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf")
Region:
id = 612
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyi.ttf"
filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf")
Region:
id = 613
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyi.ttf"
filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf")
Region:
id = 614
start_va = 0x4c20000
end_va = 0x4ccafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 615
start_va = 0x4c20000
end_va = 0x4ccafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 616
start_va = 0x4c20000
end_va = 0x4cbefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahomabd.ttf"
filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf")
Region:
id = 617
start_va = 0x4c20000
end_va = 0x4cbefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahomabd.ttf"
filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf")
Region:
id = 618
start_va = 0x4c20000
end_va = 0x4cbffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 619
start_va = 0x4c20000
end_va = 0x4cbffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 620
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsa.ttf"
filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf")
Region:
id = 621
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsa.ttf"
filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf")
Region:
id = 622
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsai.ttf"
filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf")
Region:
id = 623
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsai.ttf"
filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf")
Region:
id = 624
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsab.ttf"
filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf")
Region:
id = 625
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsab.ttf"
filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf")
Region:
id = 626
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaz.ttf"
filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf")
Region:
id = 627
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaz.ttf"
filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf")
Region:
id = 628
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaj.ttf"
filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf")
Region:
id = 629
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaj.ttf"
filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf")
Region:
id = 630
start_va = 0x620000
end_va = 0x654fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajb.ttf"
filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf")
Region:
id = 631
start_va = 0x620000
end_va = 0x654fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajb.ttf"
filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf")
Region:
id = 632
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajbi.ttf"
filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf")
Region:
id = 633
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajbi.ttf"
filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf")
Region:
id = 634
start_va = 0x620000
end_va = 0x65afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaji.ttf"
filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf")
Region:
id = 635
start_va = 0x620000
end_va = 0x65afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaji.ttf"
filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf")
Region:
id = 636
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordia.ttf"
filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf")
Region:
id = 637
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordia.ttf"
filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf")
Region:
id = 638
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiai.ttf"
filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf")
Region:
id = 639
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiai.ttf"
filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf")
Region:
id = 640
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiab.ttf"
filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf")
Region:
id = 641
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiab.ttf"
filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf")
Region:
id = 642
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaz.ttf"
filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf")
Region:
id = 643
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaz.ttf"
filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf")
Region:
id = 644
start_va = 0x620000
end_va = 0x66afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrima.ttf"
filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf")
Region:
id = 645
start_va = 0x620000
end_va = 0x66afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrima.ttf"
filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf")
Region:
id = 646
start_va = 0x620000
end_va = 0x668fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrimabd.ttf"
filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf")
Region:
id = 647
start_va = 0x620000
end_va = 0x668fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrimabd.ttf"
filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf")
Region:
id = 648
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gisha.ttf"
filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf")
Region:
id = 649
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gisha.ttf"
filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf")
Region:
id = 650
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gishabd.ttf"
filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf")
Region:
id = 651
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gishabd.ttf"
filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf")
Region:
id = 652
start_va = 0x620000
end_va = 0x651fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokila.ttf"
filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf")
Region:
id = 653
start_va = 0x620000
end_va = 0x651fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokila.ttf"
filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf")
Region:
id = 654
start_va = 0x620000
end_va = 0x651fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilab.ttf"
filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf")
Region:
id = 655
start_va = 0x620000
end_va = 0x651fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilab.ttf"
filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf")
Region:
id = 656
start_va = 0x620000
end_va = 0x659fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilabi.ttf"
filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf")
Region:
id = 657
start_va = 0x620000
end_va = 0x659fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilabi.ttf"
filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf")
Region:
id = 658
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilai.ttf"
filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf")
Region:
id = 659
start_va = 0x620000
end_va = 0x65bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilai.ttf"
filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf")
Region:
id = 660
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawad.ttf"
filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf")
Region:
id = 661
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawad.ttf"
filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf")
Region:
id = 662
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawdb.ttf"
filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf")
Region:
id = 663
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawdb.ttf"
filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf")
Region:
id = 664
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighur.ttf"
filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf")
Region:
id = 665
start_va = 0x620000
end_va = 0x656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighur.ttf"
filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf")
Region:
id = 666
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "moolbor.ttf"
filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf")
Region:
id = 667
start_va = 0x42b0000
end_va = 0x4303fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "moolbor.ttf"
filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf")
Region:
id = 668
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "symbol.ttf"
filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf")
Region:
id = 669
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "symbol.ttf"
filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf")
Region:
id = 670
start_va = 0x620000
end_va = 0x654fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaah.ttf"
filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf")
Region:
id = 671
start_va = 0x620000
end_va = 0x654fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaah.ttf"
filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf")
Region:
id = 672
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahb.ttf"
filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf")
Region:
id = 673
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahb.ttf"
filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf")
Region:
id = 674
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahbi.ttf"
filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf")
Region:
id = 675
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahbi.ttf"
filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf")
Region:
id = 676
start_va = 0x620000
end_va = 0x65afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahi.ttf"
filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf")
Region:
id = 677
start_va = 0x620000
end_va = 0x65afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahi.ttf"
filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf")
Region:
id = 678
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijaya.ttf"
filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf")
Region:
id = 679
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijaya.ttf"
filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf")
Region:
id = 680
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijayab.ttf"
filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf")
Region:
id = 681
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijayab.ttf"
filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf")
Region:
id = 682
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingding.ttf"
filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf")
Region:
id = 683
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingding.ttf"
filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf")
Region:
id = 684
start_va = 0x400000
end_va = 0x402fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "modern.fon"
filename = "\\Windows\\Fonts\\modern.fon" (normalized: "c:\\windows\\fonts\\modern.fon")
Region:
id = 685
start_va = 0x400000
end_va = 0x403fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roman.fon"
filename = "\\Windows\\Fonts\\roman.fon" (normalized: "c:\\windows\\fonts\\roman.fon")
Region:
id = 686
start_va = 0x400000
end_va = 0x402fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "script.fon"
filename = "\\Windows\\Fonts\\script.fon" (normalized: "c:\\windows\\fonts\\script.fon")
Region:
id = 687
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "andlso.ttf"
filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf")
Region:
id = 688
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "andlso.ttf"
filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf")
Region:
id = 689
start_va = 0x4c20000
end_va = 0x4cb8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arabtype.ttf"
filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf")
Region:
id = 690
start_va = 0x4c20000
end_va = 0x4cb8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arabtype.ttf"
filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf")
Region:
id = 691
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpo.ttf"
filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf")
Region:
id = 692
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpo.ttf"
filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf")
Region:
id = 693
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpbdo.ttf"
filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf")
Region:
id = 694
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpbdo.ttf"
filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf")
Region:
id = 695
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpfxo.ttf"
filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf")
Region:
id = 696
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpfxo.ttf"
filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf")
Region:
id = 697
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majalla.ttf"
filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf")
Region:
id = 698
start_va = 0x42b0000
end_va = 0x430afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majalla.ttf"
filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf")
Region:
id = 699
start_va = 0x42b0000
end_va = 0x430bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majallab.ttf"
filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf")
Region:
id = 700
start_va = 0x42b0000
end_va = 0x430bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majallab.ttf"
filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf")
Region:
id = 701
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trado.ttf"
filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf")
Region:
id = 702
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trado.ttf"
filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf")
Region:
id = 703
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tradbdo.ttf"
filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf")
Region:
id = 704
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tradbdo.ttf"
filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf")
Region:
id = 705
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ahronbd.ttf"
filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf")
Region:
id = 706
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ahronbd.ttf"
filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf")
Region:
id = 707
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "david.ttf"
filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf")
Region:
id = 708
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "david.ttf"
filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf")
Region:
id = 709
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "davidbd.ttf"
filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf")
Region:
id = 710
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "davidbd.ttf"
filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf")
Region:
id = 711
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frank.ttf"
filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf")
Region:
id = 712
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frank.ttf"
filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf")
Region:
id = 713
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnm.ttf"
filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf")
Region:
id = 714
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnm.ttf"
filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf")
Region:
id = 715
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnmbd.ttf"
filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf")
Region:
id = 716
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnmbd.ttf"
filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf")
Region:
id = 717
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriam.ttf"
filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf")
Region:
id = 718
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriam.ttf"
filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf")
Region:
id = 719
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriamc.ttf"
filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf")
Region:
id = 720
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriamc.ttf"
filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf")
Region:
id = 721
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nrkis.ttf"
filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf")
Region:
id = 722
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nrkis.ttf"
filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf")
Region:
id = 723
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rod.ttf"
filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf")
Region:
id = 724
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rod.ttf"
filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf")
Region:
id = 725
start_va = 0x4f50000
end_va = 0x5966fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simfang.ttf"
filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf")
Region:
id = 726
start_va = 0x4f50000
end_va = 0x5966fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simfang.ttf"
filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf")
Region:
id = 727
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simhei.ttf"
filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf")
Region:
id = 728
start_va = 0x4f50000
end_va = 0x589cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simhei.ttf"
filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf")
Region:
id = 729
start_va = 0x6ce0000
end_va = 0x7caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006ce0000"
filename = ""
Region:
id = 730
start_va = 0x4f50000
end_va = 0x5a8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simkai.ttf"
filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf")
Region:
id = 731
start_va = 0x4f50000
end_va = 0x5a8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simkai.ttf"
filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf")
Region:
id = 732
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsau.ttf"
filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf")
Region:
id = 733
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsau.ttf"
filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf")
Region:
id = 734
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaui.ttf"
filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf")
Region:
id = 735
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaui.ttf"
filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf")
Region:
id = 736
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaub.ttf"
filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf")
Region:
id = 737
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaub.ttf"
filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf")
Region:
id = 738
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsauz.ttf"
filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf")
Region:
id = 739
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsauz.ttf"
filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf")
Region:
id = 740
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browa.ttf"
filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf")
Region:
id = 741
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browa.ttf"
filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf")
Region:
id = 742
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browai.ttf"
filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf")
Region:
id = 743
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browai.ttf"
filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf")
Region:
id = 744
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browab.ttf"
filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf")
Region:
id = 745
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browab.ttf"
filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf")
Region:
id = 746
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaz.ttf"
filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf")
Region:
id = 747
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaz.ttf"
filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf")
Region:
id = 748
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browau.ttf"
filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf")
Region:
id = 749
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browau.ttf"
filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf")
Region:
id = 750
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaui.ttf"
filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf")
Region:
id = 751
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaui.ttf"
filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf")
Region:
id = 752
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaub.ttf"
filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf")
Region:
id = 753
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaub.ttf"
filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf")
Region:
id = 754
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browauz.ttf"
filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf")
Region:
id = 755
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browauz.ttf"
filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf")
Region:
id = 756
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiau.ttf"
filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf")
Region:
id = 757
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiau.ttf"
filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf")
Region:
id = 758
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaub.ttf"
filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf")
Region:
id = 759
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaub.ttf"
filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf")
Region:
id = 760
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiauz.ttf"
filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf")
Region:
id = 761
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiauz.ttf"
filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf")
Region:
id = 762
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaui.ttf"
filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf")
Region:
id = 763
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaui.ttf"
filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf")
Region:
id = 764
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdl.ttf"
filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf")
Region:
id = 765
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdl.ttf"
filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf")
Region:
id = 766
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdi.ttf"
filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf")
Region:
id = 767
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdi.ttf"
filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf")
Region:
id = 768
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdb.ttf"
filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf")
Region:
id = 769
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdb.ttf"
filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf")
Region:
id = 770
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdbi.ttf"
filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf")
Region:
id = 771
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdbi.ttf"
filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf")
Region:
id = 772
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcel.ttf"
filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf")
Region:
id = 773
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcel.ttf"
filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf")
Region:
id = 774
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcei.ttf"
filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf")
Region:
id = 775
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcei.ttf"
filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf")
Region:
id = 776
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upceb.ttf"
filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf")
Region:
id = 777
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upceb.ttf"
filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf")
Region:
id = 778
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcebi.ttf"
filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf")
Region:
id = 779
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcebi.ttf"
filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf")
Region:
id = 780
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfl.ttf"
filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf")
Region:
id = 781
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfl.ttf"
filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf")
Region:
id = 782
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfi.ttf"
filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf")
Region:
id = 783
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfi.ttf"
filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf")
Region:
id = 784
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfb.ttf"
filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf")
Region:
id = 785
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfb.ttf"
filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf")
Region:
id = 786
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfbi.ttf"
filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf")
Region:
id = 787
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfbi.ttf"
filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf")
Region:
id = 788
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcil.ttf"
filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf")
Region:
id = 789
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcil.ttf"
filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf")
Region:
id = 790
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcii.ttf"
filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf")
Region:
id = 791
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcii.ttf"
filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf")
Region:
id = 792
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcib.ttf"
filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf")
Region:
id = 793
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcib.ttf"
filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf")
Region:
id = 794
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcibi.ttf"
filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf")
Region:
id = 795
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcibi.ttf"
filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf")
Region:
id = 796
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjl.ttf"
filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf")
Region:
id = 797
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjl.ttf"
filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf")
Region:
id = 798
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcji.ttf"
filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf")
Region:
id = 799
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcji.ttf"
filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf")
Region:
id = 800
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjb.ttf"
filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf")
Region:
id = 801
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjb.ttf"
filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf")
Region:
id = 802
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjbi.ttf"
filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf")
Region:
id = 803
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjbi.ttf"
filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf")
Region:
id = 804
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckl.ttf"
filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf")
Region:
id = 805
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckl.ttf"
filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf")
Region:
id = 806
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcki.ttf"
filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf")
Region:
id = 807
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcki.ttf"
filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf")
Region:
id = 808
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckb.ttf"
filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf")
Region:
id = 809
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckb.ttf"
filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf")
Region:
id = 810
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckbi.ttf"
filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf")
Region:
id = 811
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckbi.ttf"
filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf")
Region:
id = 812
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcll.ttf"
filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf")
Region:
id = 813
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcll.ttf"
filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf")
Region:
id = 814
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcli.ttf"
filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf")
Region:
id = 815
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcli.ttf"
filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf")
Region:
id = 816
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclb.ttf"
filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf")
Region:
id = 817
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclb.ttf"
filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf")
Region:
id = 818
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclbi.ttf"
filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf")
Region:
id = 819
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclbi.ttf"
filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf")
Region:
id = 820
start_va = 0x4f50000
end_va = 0x5440fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kaiu.ttf"
filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf")
Region:
id = 821
start_va = 0x4f50000
end_va = 0x5440fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kaiu.ttf"
filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf")
Region:
id = 822
start_va = 0x620000
end_va = 0x66ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_10646.ttf"
filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf")
Region:
id = 823
start_va = 0x620000
end_va = 0x66ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_10646.ttf"
filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf")
Region:
id = 824
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariblk.ttf"
filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf")
Region:
id = 825
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariblk.ttf"
filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf")
Region:
id = 826
start_va = 0x4c20000
end_va = 0x4ce6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 827
start_va = 0x4c20000
end_va = 0x4ce6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 828
start_va = 0x4c20000
end_va = 0x4cf0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 829
start_va = 0x4c20000
end_va = 0x4cf0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 830
start_va = 0x4c20000
end_va = 0x4ceffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrib.ttf"
filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf")
Region:
id = 831
start_va = 0x4c20000
end_va = 0x4ceffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrib.ttf"
filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf")
Region:
id = 832
start_va = 0x4c20000
end_va = 0x4cfbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibriz.ttf"
filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf")
Region:
id = 833
start_va = 0x4c20000
end_va = 0x4cfbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibriz.ttf"
filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf")
Region:
id = 834
start_va = 0x4f50000
end_va = 0x50dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 835
start_va = 0x4f50000
end_va = 0x50dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 836
start_va = 0x4f50000
end_va = 0x50dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 837
start_va = 0x4c20000
end_va = 0x4ce9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriai.ttf"
filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf")
Region:
id = 838
start_va = 0x4c20000
end_va = 0x4ce9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriai.ttf"
filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf")
Region:
id = 839
start_va = 0x4c20000
end_va = 0x4ce1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriab.ttf"
filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf")
Region:
id = 840
start_va = 0x4c20000
end_va = 0x4ce1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriab.ttf"
filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf")
Region:
id = 841
start_va = 0x4c20000
end_va = 0x4ce4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriaz.ttf"
filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf")
Region:
id = 842
start_va = 0x4c20000
end_va = 0x4ce4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriaz.ttf"
filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf")
Region:
id = 843
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candara.ttf"
filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf")
Region:
id = 844
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candara.ttf"
filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf")
Region:
id = 845
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarai.ttf"
filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf")
Region:
id = 846
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarai.ttf"
filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf")
Region:
id = 847
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarab.ttf"
filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf")
Region:
id = 848
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarab.ttf"
filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf")
Region:
id = 849
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candaraz.ttf"
filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf")
Region:
id = 850
start_va = 0x620000
end_va = 0x657fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candaraz.ttf"
filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf")
Region:
id = 851
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comic.ttf"
filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf")
Region:
id = 852
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comic.ttf"
filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf")
Region:
id = 853
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comicbd.ttf"
filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf")
Region:
id = 854
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comicbd.ttf"
filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf")
Region:
id = 855
start_va = 0x42b0000
end_va = 0x4307fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consola.ttf"
filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf")
Region:
id = 856
start_va = 0x42b0000
end_va = 0x4307fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consola.ttf"
filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf")
Region:
id = 857
start_va = 0x42b0000
end_va = 0x4309fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolai.ttf"
filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf")
Region:
id = 858
start_va = 0x42b0000
end_va = 0x4309fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolai.ttf"
filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf")
Region:
id = 859
start_va = 0x42b0000
end_va = 0x4309fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolab.ttf"
filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf")
Region:
id = 860
start_va = 0x42b0000
end_va = 0x4309fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolab.ttf"
filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf")
Region:
id = 861
start_va = 0x42b0000
end_va = 0x430bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolaz.ttf"
filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf")
Region:
id = 862
start_va = 0x42b0000
end_va = 0x430bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolaz.ttf"
filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf")
Region:
id = 863
start_va = 0x42b0000
end_va = 0x431dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constan.ttf"
filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf")
Region:
id = 864
start_va = 0x42b0000
end_va = 0x431dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constan.ttf"
filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf")
Region:
id = 865
start_va = 0x42b0000
end_va = 0x431dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constani.ttf"
filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf")
Region:
id = 866
start_va = 0x42b0000
end_va = 0x431dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constani.ttf"
filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf")
Region:
id = 867
start_va = 0x42b0000
end_va = 0x431efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanb.ttf"
filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf")
Region:
id = 868
start_va = 0x42b0000
end_va = 0x431efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanb.ttf"
filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf")
Region:
id = 869
start_va = 0x42b0000
end_va = 0x431efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanz.ttf"
filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf")
Region:
id = 870
start_va = 0x42b0000
end_va = 0x431efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanz.ttf"
filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf")
Region:
id = 871
start_va = 0x620000
end_va = 0x65ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbel.ttf"
filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf")
Region:
id = 872
start_va = 0x620000
end_va = 0x65ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbel.ttf"
filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf")
Region:
id = 873
start_va = 0x620000
end_va = 0x661fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbeli.ttf"
filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf")
Region:
id = 874
start_va = 0x620000
end_va = 0x661fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbeli.ttf"
filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf")
Region:
id = 875
start_va = 0x620000
end_va = 0x662fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelb.ttf"
filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf")
Region:
id = 876
start_va = 0x620000
end_va = 0x662fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelb.ttf"
filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf")
Region:
id = 877
start_va = 0x620000
end_va = 0x664fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelz.ttf"
filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf")
Region:
id = 878
start_va = 0x620000
end_va = 0x664fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelz.ttf"
filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf")
Region:
id = 879
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framd.ttf"
filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf")
Region:
id = 880
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framd.ttf"
filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf")
Region:
id = 881
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdit.ttf"
filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf")
Region:
id = 882
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdit.ttf"
filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf")
Region:
id = 883
start_va = 0x4f50000
end_va = 0x5108fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gabriola.ttf"
filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf")
Region:
id = 884
start_va = 0x4f50000
end_va = 0x5108fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gabriola.ttf"
filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf")
Region:
id = 885
start_va = 0x4c20000
end_va = 0x4cfafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c20000"
filename = ""
Region:
id = 886
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgia.ttf"
filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf")
Region:
id = 887
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgia.ttf"
filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf")
Region:
id = 888
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiai.ttf"
filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf")
Region:
id = 889
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiai.ttf"
filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf")
Region:
id = 890
start_va = 0x620000
end_va = 0x643fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiab.ttf"
filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf")
Region:
id = 891
start_va = 0x620000
end_va = 0x643fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiab.ttf"
filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf")
Region:
id = 892
start_va = 0x620000
end_va = 0x648fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiaz.ttf"
filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf")
Region:
id = 893
start_va = 0x620000
end_va = 0x648fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiaz.ttf"
filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf")
Region:
id = 894
start_va = 0x4f50000
end_va = 0x4fc3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pala.ttf"
filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf")
Region:
id = 895
start_va = 0x4f50000
end_va = 0x4fc3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pala.ttf"
filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf")
Region:
id = 896
start_va = 0x42b0000
end_va = 0x4315fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palai.ttf"
filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf")
Region:
id = 897
start_va = 0x42b0000
end_va = 0x4315fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palai.ttf"
filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf")
Region:
id = 898
start_va = 0x42b0000
end_va = 0x4316fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palab.ttf"
filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf")
Region:
id = 899
start_va = 0x42b0000
end_va = 0x4316fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palab.ttf"
filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf")
Region:
id = 900
start_va = 0x42b0000
end_va = 0x4302fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palabi.ttf"
filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf")
Region:
id = 901
start_va = 0x42b0000
end_va = 0x4302fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palabi.ttf"
filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf")
Region:
id = 902
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoepr.ttf"
filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf")
Region:
id = 903
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoepr.ttf"
filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf")
Region:
id = 904
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeprb.ttf"
filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf")
Region:
id = 905
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeprb.ttf"
filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf")
Region:
id = 906
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebuc.ttf"
filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf")
Region:
id = 907
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebuc.ttf"
filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf")
Region:
id = 908
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucit.ttf"
filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf")
Region:
id = 909
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucit.ttf"
filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf")
Region:
id = 910
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbd.ttf"
filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf")
Region:
id = 911
start_va = 0x400000
end_va = 0x41efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbd.ttf"
filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf")
Region:
id = 912
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbi.ttf"
filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf")
Region:
id = 913
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbi.ttf"
filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf")
Region:
id = 914
start_va = 0x620000
end_va = 0x64dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdana.ttf"
filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf")
Region:
id = 915
start_va = 0x620000
end_va = 0x64dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdana.ttf"
filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf")
Region:
id = 916
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanai.ttf"
filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf")
Region:
id = 917
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanai.ttf"
filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf")
Region:
id = 918
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanab.ttf"
filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf")
Region:
id = 919
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanab.ttf"
filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf")
Region:
id = 920
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanaz.ttf"
filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf")
Region:
id = 921
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanaz.ttf"
filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf")
Region:
id = 922
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "webdings.ttf"
filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf")
Region:
id = 923
start_va = 0x400000
end_va = 0x41dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "webdings.ttf"
filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf")
Region:
id = 924
start_va = 0x400000
end_va = 0x405fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coure.fon"
filename = "\\Windows\\Fonts\\coure.fon" (normalized: "c:\\windows\\fonts\\coure.fon")
Region:
id = 925
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "serife.fon"
filename = "\\Windows\\Fonts\\serife.fon" (normalized: "c:\\windows\\fonts\\serife.fon")
Region:
id = 926
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sserife.fon"
filename = "\\Windows\\Fonts\\sserife.fon" (normalized: "c:\\windows\\fonts\\sserife.fon")
Region:
id = 927
start_va = 0x400000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "smalle.fon"
filename = "\\Windows\\Fonts\\smalle.fon" (normalized: "c:\\windows\\fonts\\smalle.fon")
Region:
id = 928
start_va = 0x400000
end_va = 0x405fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "smallf.fon"
filename = "\\Windows\\Fonts\\smallf.fon" (normalized: "c:\\windows\\fonts\\smallf.fon")
Region:
id = 929
start_va = 0x4f50000
end_va = 0x5098fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmala.ttf"
filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf")
Region:
id = 930
start_va = 0x4f50000
end_va = 0x5098fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmala.ttf"
filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf")
Region:
id = 931
start_va = 0x4f50000
end_va = 0x508cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmalab.ttf"
filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf")
Region:
id = 932
start_va = 0x4f50000
end_va = 0x508cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmalab.ttf"
filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf")
Region:
id = 933
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyb.ttf"
filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf")
Region:
id = 934
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyb.ttf"
filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf")
Region:
id = 935
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyr.ttf"
filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf")
Region:
id = 936
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyr.ttf"
filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf")
Region:
id = 937
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alger.ttf"
filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf")
Region:
id = 938
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alger.ttf"
filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf")
Region:
id = 939
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquab.ttf"
filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf")
Region:
id = 940
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquab.ttf"
filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf")
Region:
id = 941
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquabi.ttf"
filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf")
Region:
id = 942
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquabi.ttf"
filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf")
Region:
id = 943
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquai.ttf"
filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf")
Region:
id = 944
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquai.ttf"
filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf")
Region:
id = 945
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialn.ttf"
filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf")
Region:
id = 946
start_va = 0x620000
end_va = 0x64afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialn.ttf"
filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf")
Region:
id = 947
start_va = 0x620000
end_va = 0x64cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnb.ttf"
filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf")
Region:
id = 948
start_va = 0x620000
end_va = 0x64cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnb.ttf"
filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf")
Region:
id = 949
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnbi.ttf"
filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf")
Region:
id = 950
start_va = 0x620000
end_va = 0x64bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnbi.ttf"
filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf")
Region:
id = 951
start_va = 0x620000
end_va = 0x64cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialni.ttf"
filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf")
Region:
id = 952
start_va = 0x620000
end_va = 0x64cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialni.ttf"
filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf")
Region:
id = 953
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arlrdbd.ttf"
filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf")
Region:
id = 954
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arlrdbd.ttf"
filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf")
Region:
id = 955
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "baskvill.ttf"
filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf")
Region:
id = 956
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "baskvill.ttf"
filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf")
Region:
id = 957
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bauhs93.ttf"
filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf")
Region:
id = 958
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bauhs93.ttf"
filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf")
Region:
id = 959
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bell.ttf"
filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf")
Region:
id = 960
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bell.ttf"
filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf")
Region:
id = 961
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bellb.ttf"
filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf")
Region:
id = 962
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bellb.ttf"
filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf")
Region:
id = 963
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "belli.ttf"
filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf")
Region:
id = 964
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "belli.ttf"
filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf")
Region:
id = 965
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bernhc.ttf"
filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf")
Region:
id = 966
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bernhc.ttf"
filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf")
Region:
id = 967
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bkant.ttf"
filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf")
Region:
id = 968
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bkant.ttf"
filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf")
Region:
id = 969
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_b.ttf"
filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf")
Region:
id = 970
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_b.ttf"
filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf")
Region:
id = 971
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_bi.ttf"
filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf")
Region:
id = 972
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_bi.ttf"
filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf")
Region:
id = 973
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blai.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf")
Region:
id = 974
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blai.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf")
Region:
id = 975
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blar.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf")
Region:
id = 976
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blar.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf")
Region:
id = 977
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cb.ttf"
filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf")
Region:
id = 978
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cb.ttf"
filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf")
Region:
id = 979
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cbi.ttf"
filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf")
Region:
id = 980
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cbi.ttf"
filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf")
Region:
id = 981
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_ci.ttf"
filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf")
Region:
id = 982
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_ci.ttf"
filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf")
Region:
id = 983
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cr.ttf"
filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf")
Region:
id = 984
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cr.ttf"
filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf")
Region:
id = 985
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_i.ttf"
filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf")
Region:
id = 986
start_va = 0x400000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_i.ttf"
filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf")
Region:
id = 987
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_pstc.ttf"
filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf")
Region:
id = 988
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_pstc.ttf"
filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf")
Region:
id = 989
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_r.ttf"
filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf")
Region:
id = 990
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_r.ttf"
filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf")
Region:
id = 991
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookos.ttf"
filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf")
Region:
id = 992
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookos.ttf"
filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf")
Region:
id = 993
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosb.ttf"
filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf")
Region:
id = 994
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosb.ttf"
filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf")
Region:
id = 995
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosbi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf")
Region:
id = 996
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosbi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf")
Region:
id = 997
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf")
Region:
id = 998
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf")
Region:
id = 999
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bradhitc.ttf"
filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf")
Region:
id = 1000
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bradhitc.ttf"
filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf")
Region:
id = 1001
start_va = 0x400000
end_va = 0x409fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "britanic.ttf"
filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf")
Region:
id = 1002
start_va = 0x400000
end_va = 0x409fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "britanic.ttf"
filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf")
Region:
id = 1003
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsb.ttf"
filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf")
Region:
id = 1004
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsb.ttf"
filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf")
Region:
id = 1005
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsdb.ttf"
filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf")
Region:
id = 1006
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsdb.ttf"
filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf")
Region:
id = 1007
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsr.ttf"
filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf")
Region:
id = 1008
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsr.ttf"
filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf")
Region:
id = 1009
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "broadw.ttf"
filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf")
Region:
id = 1010
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "broadw.ttf"
filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf")
Region:
id = 1011
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brushsci.ttf"
filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf")
Region:
id = 1012
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brushsci.ttf"
filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf")
Region:
id = 1013
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bssym7.ttf"
filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf")
Region:
id = 1014
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bssym7.ttf"
filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf")
Region:
id = 1015
start_va = 0x4f50000
end_va = 0x5009fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 1016
start_va = 0x4f50000
end_va = 0x5009fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 1017
start_va = 0x4f50000
end_va = 0x5024fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 1018
start_va = 0x4f50000
end_va = 0x5024fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 1019
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califb.ttf"
filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf")
Region:
id = 1020
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califb.ttf"
filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf")
Region:
id = 1021
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califi.ttf"
filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf")
Region:
id = 1022
start_va = 0x400000
end_va = 0x418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califi.ttf"
filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf")
Region:
id = 1023
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califr.ttf"
filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf")
Region:
id = 1024
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califr.ttf"
filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf")
Region:
id = 1025
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calist.ttf"
filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf")
Region:
id = 1026
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calist.ttf"
filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf")
Region:
id = 1027
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistb.ttf"
filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf")
Region:
id = 1028
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistb.ttf"
filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf")
Region:
id = 1029
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistbi.ttf"
filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf")
Region:
id = 1030
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistbi.ttf"
filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf")
Region:
id = 1031
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calisti.ttf"
filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf")
Region:
id = 1032
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calisti.ttf"
filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf")
Region:
id = 1033
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "castelar.ttf"
filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf")
Region:
id = 1034
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "castelar.ttf"
filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf")
Region:
id = 1035
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "censcbk.ttf"
filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf")
Region:
id = 1036
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "censcbk.ttf"
filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf")
Region:
id = 1037
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "centaur.ttf"
filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf")
Region:
id = 1038
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "centaur.ttf"
filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf")
Region:
id = 1039
start_va = 0x620000
end_va = 0x648fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "century.ttf"
filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf")
Region:
id = 1040
start_va = 0x620000
end_va = 0x648fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "century.ttf"
filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf")
Region:
id = 1041
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "chiller.ttf"
filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf")
Region:
id = 1042
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "chiller.ttf"
filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf")
Region:
id = 1043
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "colonna.ttf"
filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf")
Region:
id = 1044
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "colonna.ttf"
filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf")
Region:
id = 1045
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coopbl.ttf"
filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf")
Region:
id = 1046
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coopbl.ttf"
filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf")
Region:
id = 1047
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtb.ttf"
filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf")
Region:
id = 1048
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtb.ttf"
filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf")
Region:
id = 1049
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtl.ttf"
filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf")
Region:
id = 1050
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtl.ttf"
filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf")
Region:
id = 1051
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "curlz___.ttf"
filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf")
Region:
id = 1052
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "curlz___.ttf"
filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf")
Region:
id = 1053
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnt.ttf"
filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf")
Region:
id = 1054
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnt.ttf"
filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf")
Region:
id = 1055
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnti.ttf"
filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf")
Region:
id = 1056
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnti.ttf"
filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf")
Region:
id = 1057
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "engr.ttf"
filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf")
Region:
id = 1058
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "engr.ttf"
filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf")
Region:
id = 1059
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasbd.ttf"
filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf")
Region:
id = 1060
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasbd.ttf"
filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf")
Region:
id = 1061
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasdemi.ttf"
filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf")
Region:
id = 1062
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasdemi.ttf"
filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf")
Region:
id = 1063
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "eraslght.ttf"
filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf")
Region:
id = 1064
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "eraslght.ttf"
filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf")
Region:
id = 1065
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasmd.ttf"
filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf")
Region:
id = 1066
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasmd.ttf"
filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf")
Region:
id = 1067
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "felixti.ttf"
filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf")
Region:
id = 1068
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "felixti.ttf"
filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf")
Region:
id = 1069
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "forte.ttf"
filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf")
Region:
id = 1070
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "forte.ttf"
filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf")
Region:
id = 1071
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabk.ttf"
filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf")
Region:
id = 1072
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabk.ttf"
filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf")
Region:
id = 1073
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabkit.ttf"
filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf")
Region:
id = 1074
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabkit.ttf"
filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf")
Region:
id = 1075
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradm.ttf"
filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf")
Region:
id = 1076
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradm.ttf"
filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf")
Region:
id = 1077
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmcn.ttf"
filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf")
Region:
id = 1078
start_va = 0x400000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmcn.ttf"
filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf")
Region:
id = 1079
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmit.ttf"
filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf")
Region:
id = 1080
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmit.ttf"
filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf")
Region:
id = 1081
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahv.ttf"
filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf")
Region:
id = 1082
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahv.ttf"
filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf")
Region:
id = 1083
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahvit.ttf"
filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf")
Region:
id = 1084
start_va = 0x620000
end_va = 0x645fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahvit.ttf"
filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf")
Region:
id = 1085
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdcn.ttf"
filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf")
Region:
id = 1086
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdcn.ttf"
filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf")
Region:
id = 1087
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "freescpt.ttf"
filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf")
Region:
id = 1088
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "freescpt.ttf"
filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf")
Region:
id = 1089
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frscript.ttf"
filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf")
Region:
id = 1090
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frscript.ttf"
filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf")
Region:
id = 1091
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ftltlt.ttf"
filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf")
Region:
id = 1092
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ftltlt.ttf"
filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf")
Region:
id = 1093
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugi.ttf"
filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf")
Region:
id = 1094
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugi.ttf"
filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf")
Region:
id = 1095
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugib.ttf"
filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf")
Region:
id = 1096
start_va = 0x620000
end_va = 0x653fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugib.ttf"
filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf")
Region:
id = 1097
start_va = 0x620000
end_va = 0x650fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gara.ttf"
filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf")
Region:
id = 1098
start_va = 0x620000
end_va = 0x650fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gara.ttf"
filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf")
Region:
id = 1099
start_va = 0x620000
end_va = 0x650fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garabd.ttf"
filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf")
Region:
id = 1100
start_va = 0x620000
end_va = 0x650fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garabd.ttf"
filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf")
Region:
id = 1101
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garait.ttf"
filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf")
Region:
id = 1102
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garait.ttf"
filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf")
Region:
id = 1103
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gigi.ttf"
filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf")
Region:
id = 1104
start_va = 0x620000
end_va = 0x642fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gigi.ttf"
filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf")
Region:
id = 1105
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gil_____.ttf"
filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf")
Region:
id = 1106
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gil_____.ttf"
filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf")
Region:
id = 1107
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilb____.ttf"
filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf")
Region:
id = 1108
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilb____.ttf"
filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf")
Region:
id = 1109
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilbi___.ttf"
filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf")
Region:
id = 1110
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilbi___.ttf"
filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf")
Region:
id = 1111
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilc____.ttf"
filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf")
Region:
id = 1112
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilc____.ttf"
filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf")
Region:
id = 1113
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gili____.ttf"
filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf")
Region:
id = 1114
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gili____.ttf"
filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf")
Region:
id = 1115
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gillubcd.ttf"
filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf")
Region:
id = 1116
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gillubcd.ttf"
filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf")
Region:
id = 1117
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilsanub.ttf"
filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf")
Region:
id = 1118
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilsanub.ttf"
filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf")
Region:
id = 1119
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glecb.ttf"
filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf")
Region:
id = 1120
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glecb.ttf"
filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf")
Region:
id = 1121
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glsnecb.ttf"
filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf")
Region:
id = 1122
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glsnecb.ttf"
filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf")
Region:
id = 1123
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothic.ttf"
filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf")
Region:
id = 1124
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothic.ttf"
filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf")
Region:
id = 1125
start_va = 0x400000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicb.ttf"
filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf")
Region:
id = 1126
start_va = 0x400000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicb.ttf"
filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf")
Region:
id = 1127
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicbi.ttf"
filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf")
Region:
id = 1128
start_va = 0x620000
end_va = 0x641fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicbi.ttf"
filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf")
Region:
id = 1129
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothici.ttf"
filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf")
Region:
id = 1130
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothici.ttf"
filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf")
Region:
id = 1131
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudos.ttf"
filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf")
Region:
id = 1132
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudos.ttf"
filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf")
Region:
id = 1133
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosb.ttf"
filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf")
Region:
id = 1134
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosb.ttf"
filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf")
Region:
id = 1135
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosi.ttf"
filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf")
Region:
id = 1136
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosi.ttf"
filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf")
Region:
id = 1137
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudysto.ttf"
filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf")
Region:
id = 1138
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudysto.ttf"
filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf")
Region:
id = 1139
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harlowsi.ttf"
filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf")
Region:
id = 1140
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harlowsi.ttf"
filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf")
Region:
id = 1141
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harngton.ttf"
filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf")
Region:
id = 1142
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harngton.ttf"
filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf")
Region:
id = 1143
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hatten.ttf"
filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf")
Region:
id = 1144
start_va = 0x400000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hatten.ttf"
filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf")
Region:
id = 1145
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowert.ttf"
filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf")
Region:
id = 1146
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowert.ttf"
filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf")
Region:
id = 1147
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowerti.ttf"
filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf")
Region:
id = 1148
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowerti.ttf"
filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf")
Region:
id = 1149
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imprisha.ttf"
filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf")
Region:
id = 1150
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imprisha.ttf"
filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf")
Region:
id = 1151
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "infroman.ttf"
filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf")
Region:
id = 1152
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "infroman.ttf"
filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf")
Region:
id = 1153
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcblkad.ttf"
filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf")
Region:
id = 1154
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcblkad.ttf"
filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf")
Region:
id = 1155
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcedscr.ttf"
filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf")
Region:
id = 1156
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcedscr.ttf"
filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf")
Region:
id = 1157
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itckrist.ttf"
filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf")
Region:
id = 1158
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itckrist.ttf"
filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf")
Region:
id = 1159
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "jokerman.ttf"
filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf")
Region:
id = 1160
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "jokerman.ttf"
filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf")
Region:
id = 1161
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "juice___.ttf"
filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf")
Region:
id = 1162
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "juice___.ttf"
filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf")
Region:
id = 1163
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kunstler.ttf"
filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf")
Region:
id = 1164
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kunstler.ttf"
filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf")
Region:
id = 1165
start_va = 0x400000
end_va = 0x40afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latinwd.ttf"
filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf")
Region:
id = 1166
start_va = 0x400000
end_va = 0x40afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latinwd.ttf"
filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf")
Region:
id = 1167
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrite.ttf"
filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf")
Region:
id = 1168
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrite.ttf"
filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf")
Region:
id = 1169
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrited.ttf"
filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf")
Region:
id = 1170
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrited.ttf"
filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf")
Region:
id = 1171
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritedi.ttf"
filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf")
Region:
id = 1172
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritedi.ttf"
filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf")
Region:
id = 1173
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritei.ttf"
filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf")
Region:
id = 1174
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritei.ttf"
filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf")
Region:
id = 1175
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lcallig.ttf"
filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf")
Region:
id = 1176
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lcallig.ttf"
filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf")
Region:
id = 1177
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfax.ttf"
filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf")
Region:
id = 1178
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfax.ttf"
filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf")
Region:
id = 1179
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxd.ttf"
filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf")
Region:
id = 1180
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxd.ttf"
filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf")
Region:
id = 1181
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxdi.ttf"
filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf")
Region:
id = 1182
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxdi.ttf"
filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf")
Region:
id = 1183
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxi.ttf"
filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf")
Region:
id = 1184
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxi.ttf"
filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf")
Region:
id = 1185
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lhandw.ttf"
filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf")
Region:
id = 1186
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lhandw.ttf"
filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf")
Region:
id = 1187
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsans.ttf"
filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf")
Region:
id = 1188
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsans.ttf"
filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf")
Region:
id = 1189
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansd.ttf"
filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf")
Region:
id = 1190
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansd.ttf"
filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf")
Region:
id = 1191
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansdi.ttf"
filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf")
Region:
id = 1192
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansdi.ttf"
filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf")
Region:
id = 1193
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansi.ttf"
filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf")
Region:
id = 1194
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansi.ttf"
filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf")
Region:
id = 1195
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltype.ttf"
filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf")
Region:
id = 1196
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltype.ttf"
filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf")
Region:
id = 1197
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeb.ttf"
filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf")
Region:
id = 1198
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeb.ttf"
filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf")
Region:
id = 1199
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypebo.ttf"
filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf")
Region:
id = 1200
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypebo.ttf"
filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf")
Region:
id = 1201
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeo.ttf"
filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf")
Region:
id = 1202
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeo.ttf"
filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf")
Region:
id = 1203
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "magnetob.ttf"
filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf")
Region:
id = 1204
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "magnetob.ttf"
filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf")
Region:
id = 1205
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maian.ttf"
filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf")
Region:
id = 1206
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maian.ttf"
filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf")
Region:
id = 1207
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maturasc.ttf"
filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf")
Region:
id = 1208
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maturasc.ttf"
filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf")
Region:
id = 1209
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 1210
start_va = 0x620000
end_va = 0x64efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 1211
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mod20.ttf"
filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf")
Region:
id = 1212
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mod20.ttf"
filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf")
Region:
id = 1213
start_va = 0x7cb0000
end_va = 0x9100fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1214
start_va = 0x7cb0000
end_va = 0x9100fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1215
start_va = 0x7cb0000
end_va = 0x9100fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1216
start_va = 0x4f50000
end_va = 0x5cfdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1217
start_va = 0x4f50000
end_va = 0x5cfdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1218
start_va = 0x4f50000
end_va = 0x5cfdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1219
start_va = 0x620000
end_va = 0x658fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighub.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf")
Region:
id = 1220
start_va = 0x620000
end_va = 0x658fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighub.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf")
Region:
id = 1221
start_va = 0x7cb0000
end_va = 0x913bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1222
start_va = 0x7cb0000
end_va = 0x913bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1223
start_va = 0x7cb0000
end_va = 0x913bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1224
start_va = 0x4f50000
end_va = 0x5d07fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1225
start_va = 0x4f50000
end_va = 0x5d07fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1226
start_va = 0x4f50000
end_va = 0x5d07fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1227
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtcorsva.ttf"
filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf")
Region:
id = 1228
start_va = 0x620000
end_va = 0x646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtcorsva.ttf"
filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf")
Region:
id = 1229
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niageng.ttf"
filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf")
Region:
id = 1230
start_va = 0x400000
end_va = 0x417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niageng.ttf"
filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf")
Region:
id = 1231
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niagsol.ttf"
filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf")
Region:
id = 1232
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niagsol.ttf"
filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf")
Region:
id = 1233
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ocraext.ttf"
filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf")
Region:
id = 1234
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ocraext.ttf"
filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf")
Region:
id = 1235
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oldengl.ttf"
filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf")
Region:
id = 1236
start_va = 0x400000
end_va = 0x416fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oldengl.ttf"
filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf")
Region:
id = 1237
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "onyx.ttf"
filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf")
Region:
id = 1238
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "onyx.ttf"
filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf")
Region:
id = 1239
start_va = 0x400000
end_va = 0x404fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "outlook.ttf"
filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf")
Region:
id = 1240
start_va = 0x400000
end_va = 0x404fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "outlook.ttf"
filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf")
Region:
id = 1241
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palscri.ttf"
filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf")
Region:
id = 1242
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palscri.ttf"
filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf")
Region:
id = 1243
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "papyrus.ttf"
filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf")
Region:
id = 1244
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "papyrus.ttf"
filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf")
Region:
id = 1245
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "parchm.ttf"
filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf")
Region:
id = 1246
start_va = 0x620000
end_va = 0x644fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "parchm.ttf"
filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf")
Region:
id = 1247
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "per_____.ttf"
filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf")
Region:
id = 1248
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "per_____.ttf"
filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf")
Region:
id = 1249
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perb____.ttf"
filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf")
Region:
id = 1250
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perb____.ttf"
filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf")
Region:
id = 1251
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perbi___.ttf"
filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf")
Region:
id = 1252
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perbi___.ttf"
filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf")
Region:
id = 1253
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peri____.ttf"
filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf")
Region:
id = 1254
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peri____.ttf"
filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf")
Region:
id = 1255
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertibd.ttf"
filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf")
Region:
id = 1256
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertibd.ttf"
filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf")
Region:
id = 1257
start_va = 0x400000
end_va = 0x40afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertili.ttf"
filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf")
Region:
id = 1258
start_va = 0x400000
end_va = 0x40afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertili.ttf"
filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf")
Region:
id = 1259
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "playbill.ttf"
filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf")
Region:
id = 1260
start_va = 0x400000
end_va = 0x40bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "playbill.ttf"
filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf")
Region:
id = 1261
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "poorich.ttf"
filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf")
Region:
id = 1262
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "poorich.ttf"
filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf")
Region:
id = 1263
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pristina.ttf"
filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf")
Region:
id = 1264
start_va = 0x400000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pristina.ttf"
filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf")
Region:
id = 1265
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rage.ttf"
filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf")
Region:
id = 1266
start_va = 0x620000
end_va = 0x640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rage.ttf"
filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf")
Region:
id = 1267
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ravie.ttf"
filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf")
Region:
id = 1268
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ravie.ttf"
filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf")
Region:
id = 1269
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refsan.ttf"
filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf")
Region:
id = 1270
start_va = 0x620000
end_va = 0x655fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refsan.ttf"
filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf")
Region:
id = 1271
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refspcl.ttf"
filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf")
Region:
id = 1272
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refspcl.ttf"
filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf")
Region:
id = 1273
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocc____.ttf"
filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf")
Region:
id = 1274
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocc____.ttf"
filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf")
Region:
id = 1275
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roccb___.ttf"
filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf")
Region:
id = 1276
start_va = 0x400000
end_va = 0x40efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roccb___.ttf"
filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf")
Region:
id = 1277
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rock.ttf"
filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf")
Region:
id = 1278
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rock.ttf"
filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf")
Region:
id = 1279
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockb.ttf"
filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf")
Region:
id = 1280
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockb.ttf"
filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf")
Region:
id = 1281
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockbi.ttf"
filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf")
Region:
id = 1282
start_va = 0x400000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockbi.ttf"
filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf")
Region:
id = 1283
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockeb.ttf"
filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf")
Region:
id = 1284
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockeb.ttf"
filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf")
Region:
id = 1285
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocki.ttf"
filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf")
Region:
id = 1286
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocki.ttf"
filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf")
Region:
id = 1287
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkb.ttf"
filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf")
Region:
id = 1288
start_va = 0x620000
end_va = 0x649fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkb.ttf"
filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf")
Region:
id = 1289
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkbi.ttf"
filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf")
Region:
id = 1290
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkbi.ttf"
filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf")
Region:
id = 1291
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbki.ttf"
filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf")
Region:
id = 1292
start_va = 0x620000
end_va = 0x647fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbki.ttf"
filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf")
Region:
id = 1293
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "scriptbl.ttf"
filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf")
Region:
id = 1294
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "scriptbl.ttf"
filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf")
Region:
id = 1295
start_va = 0x4f50000
end_va = 0x4fe7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuisl.ttf"
filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf")
Region:
id = 1296
start_va = 0x4f50000
end_va = 0x4fe7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuisl.ttf"
filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf")
Region:
id = 1297
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "showg.ttf"
filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf")
Region:
id = 1298
start_va = 0x400000
end_va = 0x40cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "showg.ttf"
filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf")
Region:
id = 1299
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "snap____.ttf"
filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf")
Region:
id = 1300
start_va = 0x400000
end_va = 0x40ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "snap____.ttf"
filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf")
Region:
id = 1301
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stencil.ttf"
filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf")
Region:
id = 1302
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stencil.ttf"
filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf")
Region:
id = 1303
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcb_____.ttf"
filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf")
Region:
id = 1304
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcb_____.ttf"
filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf")
Region:
id = 1305
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcbi____.ttf"
filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf")
Region:
id = 1306
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcbi____.ttf"
filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf")
Region:
id = 1307
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccb____.ttf"
filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf")
Region:
id = 1308
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccb____.ttf"
filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf")
Region:
id = 1309
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcceb.ttf"
filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf")
Region:
id = 1310
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcceb.ttf"
filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf")
Region:
id = 1311
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccm____.ttf"
filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf")
Region:
id = 1312
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccm____.ttf"
filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf")
Region:
id = 1313
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcm_____.ttf"
filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf")
Region:
id = 1314
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcm_____.ttf"
filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf")
Region:
id = 1315
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcmi____.ttf"
filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf")
Region:
id = 1316
start_va = 0x400000
end_va = 0x413fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcmi____.ttf"
filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf")
Region:
id = 1317
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tempsitc.ttf"
filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf")
Region:
id = 1318
start_va = 0x400000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tempsitc.ttf"
filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf")
Region:
id = 1319
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vineritc.ttf"
filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf")
Region:
id = 1320
start_va = 0x400000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vineritc.ttf"
filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf")
Region:
id = 1321
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vivaldii.ttf"
filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf")
Region:
id = 1322
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vivaldii.ttf"
filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf")
Region:
id = 1323
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vladimir.ttf"
filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf")
Region:
id = 1324
start_va = 0x400000
end_va = 0x40dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vladimir.ttf"
filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf")
Region:
id = 1325
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng2.ttf"
filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf")
Region:
id = 1326
start_va = 0x400000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng2.ttf"
filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf")
Region:
id = 1327
start_va = 0x400000
end_va = 0x408fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng3.ttf"
filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf")
Region:
id = 1328
start_va = 0x400000
end_va = 0x408fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng3.ttf"
filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf")
Region:
id = 1329
start_va = 0x400000
end_va = 0x401fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtextra.ttf"
filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf")
Region:
id = 1330
start_va = 0x400000
end_va = 0x401fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtextra.ttf"
filename = "\\Windows\\Fonts\\MTEXTRA.TTF" (normalized: "c:\\windows\\fonts\\mtextra.ttf")
Region:
id = 1331
start_va = 0x3f0000
end_va = 0x40bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 1332
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1333
start_va = 0x42b0000
end_va = 0x4311fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1334
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1335
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1336
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1337
start_va = 0x71450000
end_va = 0x71631fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 1338
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 1339
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1340
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1341
start_va = 0x3f0000
end_va = 0x408fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1342
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1343
start_va = 0x4f50000
end_va = 0x50bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f50000"
filename = ""
Region:
id = 1344
start_va = 0x50c0000
end_va = 0x59effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 1345
start_va = 0x470000
end_va = 0x470fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 1346
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1347
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1348
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1349
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1350
start_va = 0x4f50000
end_va = 0x4f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f50000"
filename = ""
Region:
id = 1351
start_va = 0x4fd0000
end_va = 0x500ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fd0000"
filename = ""
Region:
id = 1352
start_va = 0x5080000
end_va = 0x50bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 1353
start_va = 0x5a00000
end_va = 0x5afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a00000"
filename = ""
Region:
id = 1354
start_va = 0x5bd0000
end_va = 0x5ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005bd0000"
filename = ""
Region:
id = 1355
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1356
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1357
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1358
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1359
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1360
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1361
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 1362
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1363
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1364
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1365
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1366
start_va = 0x1ee0000
end_va = 0x1eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 1367
start_va = 0x1ff0000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1368
start_va = 0x2000000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1369
start_va = 0x2010000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1370
start_va = 0x2020000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 1371
start_va = 0x2030000
end_va = 0x203ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 1372
start_va = 0x2080000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 1373
start_va = 0x2090000
end_va = 0x209ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 1374
start_va = 0x21a0000
end_va = 0x21affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 1375
start_va = 0x21b0000
end_va = 0x21bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021b0000"
filename = ""
Region:
id = 1376
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1377
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1378
start_va = 0x600000
end_va = 0x602fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 1379
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1380
start_va = 0x5b00000
end_va = 0x5b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b00000"
filename = ""
Region:
id = 1381
start_va = 0x5cd0000
end_va = 0x5dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cd0000"
filename = ""
Region:
id = 1382
start_va = 0x71350000
end_va = 0x7144afff
monitored = 0
entry_point = 0x713617e1
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 1383
start_va = 0x5010000
end_va = 0x507afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005010000"
filename = ""
Region:
id = 1384
start_va = 0x5dd0000
end_va = 0x5e3afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005dd0000"
filename = ""
Region:
id = 1385
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 1386
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1387
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1388
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1389
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1390
start_va = 0x1ee0000
end_va = 0x1eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 1391
start_va = 0x1ff0000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1392
start_va = 0x2000000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1393
start_va = 0x2010000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1394
start_va = 0x2020000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 1395
start_va = 0x2030000
end_va = 0x203ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 1396
start_va = 0x2080000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 1397
start_va = 0x2090000
end_va = 0x209ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 1398
start_va = 0x21a0000
end_va = 0x21affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 1399
start_va = 0x21c0000
end_va = 0x21cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 1400
start_va = 0x21d0000
end_va = 0x21dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 1401
start_va = 0x21e0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 1402
start_va = 0x2230000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 1403
start_va = 0x2240000
end_va = 0x224ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 1404
start_va = 0x2250000
end_va = 0x225ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 1405
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1406
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1407
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1408
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1409
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1410
start_va = 0x1ee0000
end_va = 0x1eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 1411
start_va = 0x1ff0000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1412
start_va = 0x2000000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1413
start_va = 0x2010000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1414
start_va = 0x2020000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 1415
start_va = 0x2030000
end_va = 0x203ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 1416
start_va = 0x2080000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 1417
start_va = 0x2090000
end_va = 0x209ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 1418
start_va = 0x21a0000
end_va = 0x21affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 1419
start_va = 0x21c0000
end_va = 0x21cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 1420
start_va = 0x21d0000
end_va = 0x21dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 1421
start_va = 0x21e0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 1422
start_va = 0x2230000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 1423
start_va = 0x2240000
end_va = 0x224ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 1424
start_va = 0x2260000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1425
start_va = 0x4330000
end_va = 0x433ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004330000"
filename = ""
Region:
id = 1426
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1427
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1428
start_va = 0x5e80000
end_va = 0x5ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e80000"
filename = ""
Region:
id = 1429
start_va = 0x7e60000
end_va = 0x7f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e60000"
filename = ""
Region:
id = 1430
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 1431
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1432
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1433
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1434
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1435
start_va = 0x4bd0000
end_va = 0x4c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bd0000"
filename = ""
Region:
id = 1436
start_va = 0x7d60000
end_va = 0x7e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d60000"
filename = ""
Region:
id = 1437
start_va = 0x73800000
end_va = 0x738f4fff
monitored = 0
entry_point = 0x73810d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 1438
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1439
start_va = 0x640000
end_va = 0x641fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 1440
start_va = 0x73d70000
end_va = 0x73f0dfff
monitored = 0
entry_point = 0x73d9e6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 1441
start_va = 0x650000
end_va = 0x650fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1442
start_va = 0x660000
end_va = 0x661fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000660000"
filename = ""
Region:
id = 1443
start_va = 0x739b0000
end_va = 0x739fbfff
monitored = 0
entry_point = 0x739b2c14
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1444
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 1445
start_va = 0x76880000
end_va = 0x76902fff
monitored = 0
entry_point = 0x768823d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1446
start_va = 0x6b0000
end_va = 0x6b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Region:
id = 1447
start_va = 0x73f50000
end_va = 0x749cffff
monitored = 0
entry_point = 0x73f56b95
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 1448
start_va = 0x754e0000
end_va = 0x754e4fff
monitored = 0
entry_point = 0x754e1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1449
start_va = 0x73f10000
end_va = 0x73f4bfff
monitored = 0
entry_point = 0x73f13089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 1450
start_va = 0x750c0000
end_va = 0x752bafff
monitored = 0
entry_point = 0x750c22d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 1451
start_va = 0x1ee0000
end_va = 0x1ee0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 1452
start_va = 0x1ff0000
end_va = 0x1ff1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ff0000"
filename = ""
Region:
id = 1453
start_va = 0x74e30000
end_va = 0x74f65fff
monitored = 0
entry_point = 0x74e31b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 1454
start_va = 0x76b70000
end_va = 0x76c64fff
monitored = 0
entry_point = 0x76b71865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 1455
start_va = 0x754f0000
end_va = 0x75610fff
monitored = 0
entry_point = 0x754f158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1456
start_va = 0x74d50000
end_va = 0x74d5bfff
monitored = 0
entry_point = 0x74d5238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1457
start_va = 0x7f60000
end_va = 0x805ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f60000"
filename = ""
Region:
id = 1458
start_va = 0x765a0000
end_va = 0x7673cfff
monitored = 0
entry_point = 0x765a17e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 1459
start_va = 0x75070000
end_va = 0x75096fff
monitored = 0
entry_point = 0x750758b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1460
start_va = 0x750a0000
end_va = 0x750b1fff
monitored = 0
entry_point = 0x750a1441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 1461
start_va = 0x2000000
end_va = 0x200cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 1462
start_va = 0x73d30000
end_va = 0x73d50fff
monitored = 0
entry_point = 0x73d3145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 1463
start_va = 0x74d00000
end_va = 0x74d44fff
monitored = 0
entry_point = 0x74d011e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 1464
start_va = 0x2010000
end_va = 0x2013fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 1465
start_va = 0x2020000
end_va = 0x2036fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db")
Region:
id = 1466
start_va = 0x2080000
end_va = 0x2080fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002080000"
filename = ""
Region:
id = 1467
start_va = 0x8060000
end_va = 0x8160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008060000"
filename = ""
Region:
id = 1468
start_va = 0x8060000
end_va = 0x8160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008060000"
filename = ""
Region:
id = 1469
start_va = 0x8060000
end_va = 0x8160fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008060000"
filename = ""
Region:
id = 1470
start_va = 0x2010000
end_va = 0x2013fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1471
start_va = 0x21c0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 1472
start_va = 0x2090000
end_va = 0x2093fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1473
start_va = 0x7cb0000
end_va = 0x7d15fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1474
start_va = 0x21a0000
end_va = 0x21adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 1475
start_va = 0x2230000
end_va = 0x2230fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002230000"
filename = ""
Region:
id = 1518
start_va = 0x2240000
end_va = 0x224ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 1541
start_va = 0x4d10000
end_va = 0x4d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d10000"
filename = ""
Region:
id = 1542
start_va = 0x81e0000
end_va = 0x82dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000081e0000"
filename = ""
Region:
id = 1543
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1544
start_va = 0x2240000
end_va = 0x2240fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002240000"
filename = ""
Region:
id = 1621
start_va = 0x73ba0000
end_va = 0x73badfff
monitored = 0
entry_point = 0x73ba1235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 1767
start_va = 0x4d10000
end_va = 0x4d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d10000"
filename = ""
Region:
id = 1768
start_va = 0x8120000
end_va = 0x821ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008120000"
filename = ""
Region:
id = 1769
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1770
start_va = 0x2260000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1771
start_va = 0x4340000
end_va = 0x434ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004340000"
filename = ""
Region:
id = 1772
start_va = 0x4350000
end_va = 0x435ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004350000"
filename = ""
Region:
id = 1773
start_va = 0x4b30000
end_va = 0x4b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b30000"
filename = ""
Region:
id = 1774
start_va = 0x4b40000
end_va = 0x4b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b40000"
filename = ""
Region:
id = 1775
start_va = 0x4b50000
end_va = 0x4b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b50000"
filename = ""
Region:
id = 1776
start_va = 0x4b60000
end_va = 0x4b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b60000"
filename = ""
Region:
id = 1777
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 1778
start_va = 0x4bc0000
end_va = 0x4bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bc0000"
filename = ""
Region:
id = 1779
start_va = 0x4bd0000
end_va = 0x4bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bd0000"
filename = ""
Region:
id = 1780
start_va = 0x4be0000
end_va = 0x4beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004be0000"
filename = ""
Region:
id = 1781
start_va = 0x4bf0000
end_va = 0x4bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bf0000"
filename = ""
Region:
id = 1782
start_va = 0x4c00000
end_va = 0x4c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 1783
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 1784
start_va = 0x4f90000
end_va = 0x4f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f90000"
filename = ""
Region:
id = 1785
start_va = 0x4fa0000
end_va = 0x4faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fa0000"
filename = ""
Region:
id = 1786
start_va = 0x4fb0000
end_va = 0x4fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fb0000"
filename = ""
Region:
id = 1787
start_va = 0x4fc0000
end_va = 0x4fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fc0000"
filename = ""
Region:
id = 1788
start_va = 0x59f0000
end_va = 0x59fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000059f0000"
filename = ""
Region:
id = 1789
start_va = 0x4b30000
end_va = 0x4b66fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b30000"
filename = ""
Region:
id = 1790
start_va = 0x2260000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1791
start_va = 0x2260000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 1792
start_va = 0x4340000
end_va = 0x434ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004340000"
filename = ""
Region:
id = 1795
start_va = 0x4350000
end_va = 0x435ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004350000"
filename = ""
Region:
id = 1844
start_va = 0x5b90000
end_va = 0x5bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b90000"
filename = ""
Region:
id = 1845
start_va = 0x7d30000
end_va = 0x7e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d30000"
filename = ""
Region:
id = 1846
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 1889
start_va = 0x82b0000
end_va = 0x82effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000082b0000"
filename = ""
Region:
id = 1890
start_va = 0x84c0000
end_va = 0x85bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000084c0000"
filename = ""
Region:
id = 1891
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Thread:
id = 1
os_tid = 0x9d4
[0066.218] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0069.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e540 | out: phkResult=0x28e540*=0x0) returned 0x2
[0069.444] RegCloseKey (hKey=0x80000002) returned 0x0
[0069.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x28e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0069.478] IsAppThemed () returned 0x1
[0069.486] CoTaskMemAlloc (cb=0xf0) returned 0x71cb20
[0069.486] CreateActCtxA (pActCtx=0x28ece8) returned 0x71cd14
[0069.641] CoTaskMemFree (pv=0x71cb20)
[0069.666] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1ca
[0069.666] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1c9
[0071.154] GetCurrentProcess () returned 0xffffffff
[0071.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e948 | out: TokenHandle=0x28e948*=0x1f0) returned 1
[0071.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x28e400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0071.165] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28e940 | out: lpFileInformation=0x28e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0071.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0071.167] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28e948 | out: lpFileInformation=0x28e948*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0071.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0071.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e880) returned 1
[0071.173] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40
[0071.174] GetFileType (hFile=0x40) returned 0x1
[0071.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e87c) returned 1
[0071.174] GetFileType (hFile=0x40) returned 0x1
[0074.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28dbb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0074.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28dc1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0074.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28de5c) returned 1
[0074.676] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28e120 | out: lpFileInformation=0x28e120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0074.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28de58) returned 1
[0074.930] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x28dfec | out: pfEnabled=0x28dfec) returned 0x0
[0075.500] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x28e93c | out: lpFileSizeHigh=0x28e93c*=0x0) returned 0x8c8e
[0075.501] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e8f8, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e8f8*=0x1000, lpOverlapped=0x0) returned 1
[0075.524] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e7a8, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e7a8*=0x1000, lpOverlapped=0x0) returned 1
[0075.526] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e65c, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e65c*=0x1000, lpOverlapped=0x0) returned 1
[0075.527] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e65c, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e65c*=0x1000, lpOverlapped=0x0) returned 1
[0075.528] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e65c, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e65c*=0x1000, lpOverlapped=0x0) returned 1
[0075.529] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e594, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e594*=0x1000, lpOverlapped=0x0) returned 1
[0075.536] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e700, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e700*=0x1000, lpOverlapped=0x0) returned 1
[0075.538] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e5f4, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e5f4*=0x1000, lpOverlapped=0x0) returned 1
[0075.538] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e5f4, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e5f4*=0xc8e, lpOverlapped=0x0) returned 1
[0075.538] ReadFile (in: hFile=0x40, lpBuffer=0x22e4838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e6b8, lpOverlapped=0x0 | out: lpBuffer=0x22e4838*, lpNumberOfBytesRead=0x28e6b8*=0x0, lpOverlapped=0x0) returned 1
[0075.539] CloseHandle (hObject=0x40) returned 1
[0075.539] CloseHandle (hObject=0x1f0) returned 1
[0075.540] GetCurrentProcess () returned 0xffffffff
[0075.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea94 | out: TokenHandle=0x28ea94*=0x1f0) returned 1
[0075.541] CloseHandle (hObject=0x1f0) returned 1
[0075.541] GetCurrentProcess () returned 0xffffffff
[0075.542] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea94 | out: TokenHandle=0x28ea94*=0x1f0) returned 1
[0075.542] CloseHandle (hObject=0x1f0) returned 1
[0075.551] GetCurrentProcess () returned 0xffffffff
[0075.551] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e948 | out: TokenHandle=0x28e948*=0x1f0) returned 1
[0075.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28e940 | out: lpFileInformation=0x28e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0075.552] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config", nBufferLength=0x105, lpBuffer=0x28e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config", lpFilePart=0x0) returned 0x66
[0075.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28e948 | out: lpFileInformation=0x28e948*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0075.553] CloseHandle (hObject=0x1f0) returned 1
[0075.553] GetCurrentProcess () returned 0xffffffff
[0075.553] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea94 | out: TokenHandle=0x28ea94*=0x1f0) returned 1
[0075.554] CloseHandle (hObject=0x1f0) returned 1
[0075.555] GetCurrentProcess () returned 0xffffffff
[0075.555] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea94 | out: TokenHandle=0x28ea94*=0x1f0) returned 1
[0075.556] CloseHandle (hObject=0x1f0) returned 1
[0075.584] GetCurrentProcess () returned 0xffffffff
[0075.584] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e8ac | out: TokenHandle=0x28e8ac*=0x1f0) returned 1
[0075.594] CloseHandle (hObject=0x1f0) returned 1
[0075.594] GetCurrentProcess () returned 0xffffffff
[0075.594] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e8c4 | out: TokenHandle=0x28e8c4*=0x1f0) returned 1
[0075.603] CloseHandle (hObject=0x1f0) returned 1
[0075.609] GetSystemMetrics (nIndex=75) returned 1
[0075.617] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0076.618] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75620000
[0076.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x28eb90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0076.624] GetProcAddress (hModule=0x75620000, lpProcName="AddDllDirectory") returned 0x74dd1e91
[0076.624] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x717d0000
[0076.670] AdjustWindowRectEx (in: lpRect=0x28ecf8, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x28ecf8) returned 1
[0076.678] GetCurrentProcess () returned 0xffffffff
[0076.678] GetCurrentThread () returned 0xfffffffe
[0076.678] GetCurrentProcess () returned 0xffffffff
[0076.679] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28ec10, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28ec10*=0x40) returned 1
[0076.682] GetCurrentThreadId () returned 0x9d4
[0076.700] GetCurrentActCtx (in: lphActCtx=0x28eb70 | out: lphActCtx=0x28eb70*=0x0) returned 1
[0076.700] ActivateActCtx (in: hActCtx=0x71cd14, lpCookie=0x28eb80 | out: hActCtx=0x71cd14, lpCookie=0x28eb80) returned 1
[0076.703] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000
[0076.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x28ea28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWxnÒB\x80$DþÊq@ï(", lpUsedDefaultChar=0x0) returned 14
[0076.703] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd
[0076.704] GetStockObject (i=5) returned 0x1900015
[0076.709] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000
[0076.716] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0076.716] RegisterClassW (lpWndClass=0x28ea18) returned 0xc12d
[0076.717] CoTaskMemFree (pv=0x72a040)
[0076.717] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000
[0076.718] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x2c0000, lpParam=0x0) returned 0xa0066
[0076.719] SetWindowLongW (hWnd=0xa0066, nIndex=-4, dwNewLong=1998071261) returned 4327638
[0076.721] GetWindowLongW (hWnd=0xa0066, nIndex=-4) returned 1998071261
[0076.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e32c | out: phkResult=0x28e32c*=0x230) returned 0x0
[0076.728] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x28e34c, lpData=0x0, lpcbData=0x28e348*=0x0 | out: lpType=0x28e34c*=0x0, lpData=0x0, lpcbData=0x28e348*=0x0) returned 0x2
[0076.728] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x28e34c, lpData=0x0, lpcbData=0x28e348*=0x0 | out: lpType=0x28e34c*=0x0, lpData=0x0, lpcbData=0x28e348*=0x0) returned 0x2
[0076.728] RegCloseKey (hKey=0x230) returned 0x0
[0076.734] SetWindowLongW (hWnd=0xa0066, nIndex=-4, dwNewLong=4327678) returned 1998071261
[0076.735] GetWindowLongW (hWnd=0xa0066, nIndex=-4) returned 4327678
[0076.735] GetWindowLongW (hWnd=0xa0066, nIndex=-16) returned 113311744
[0076.736] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc079
[0076.737] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0xa0066, Msg=0x24, wParam=0x0, lParam=0x28e604) returned 0x0
[0076.737] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076
[0076.738] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0xa0066, Msg=0x81, wParam=0x0, lParam=0x28e5f8) returned 0x1
[0076.738] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0xa0066, Msg=0x83, wParam=0x0, lParam=0x28e5e4) returned 0x0
[0076.739] CallWindowProcW (lpPrevWndFunc=0x771825dd, hWnd=0xa0066, Msg=0x1, wParam=0x0, lParam=0x28e5f8) returned 0x0
[0076.739] GetClientRect (in: hWnd=0xa0066, lpRect=0x28e360 | out: lpRect=0x28e360) returned 1
[0076.739] GetWindowRect (in: hWnd=0xa0066, lpRect=0x28e360 | out: lpRect=0x28e360) returned 1
[0076.741] GetParent (hWnd=0xa0066) returned 0x0
[0076.741] DeactivateActCtx (dwFlags=0x0, ulCookie=0x18e60001) returned 1
[0076.923] GetSystemDefaultLCID () returned 0x409
[0076.923] GetStockObject (i=17) returned 0x18a0025
[0076.927] GetObjectW (in: h=0x18a0025, c=92, pv=0x28e868 | out: pv=0x28e868) returned 92
[0076.929] GetDC (hWnd=0x0) returned 0x1f010191
[0078.056] GdiplusStartup (in: token=0x156298, input=0x28de30, output=0x28de80 | out: token=0x156298, output=0x28de80) returned 0x0
[0078.089] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0078.103] GdipCreateFontFromLogfontW (hdc=0x1f010191, logfont=0x72a040, font=0x28e930) returned 0x0
[0089.323] CoTaskMemFree (pv=0x72a040)
[0089.325] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0089.325] CoTaskMemFree (pv=0x72a040)
[0089.326] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0089.326] CoTaskMemFree (pv=0x72a040)
[0089.327] GdipGetFontUnit (font=0x4322230, unit=0x28e8f8) returned 0x0
[0089.328] GdipGetFontSize (font=0x4322230, size=0x28e8fc) returned 0x0
[0089.328] GdipGetFontStyle (font=0x4322230, style=0x28e8f4) returned 0x0
[0089.329] GdipGetFamily (font=0x4322230, family=0x28e8f0) returned 0x0
[0089.330] GdipGetFontSize (font=0x4322230, size=0x230124c) returned 0x0
[0089.331] ReleaseDC (hWnd=0x0, hDC=0x1f010191) returned 1
[0089.332] GetDC (hWnd=0x0) returned 0x14010175
[0089.335] GdipCreateFromHDC (hdc=0x14010175, graphics=0x28e90c) returned 0x0
[0089.338] GdipGetDpiY (graphics=0x75cb6d0, dpi=0x2301328) returned 0x0
[0089.338] GdipGetFontHeight (font=0x4322230, graphics=0x75cb6d0, height=0x28e904) returned 0x0
[0089.339] GdipGetEmHeight (family=0x64df6b0, style=0, EmHeight=0x28e90c) returned 0x0
[0089.339] GdipGetLineSpacing (family=0x64df6b0, style=0, LineSpacing=0x28e90c) returned 0x0
[0089.340] GdipDeleteGraphics (graphics=0x75cb6d0) returned 0x0
[0089.340] ReleaseDC (hWnd=0x0, hDC=0x14010175) returned 1
[0089.342] GdipCreateFont (fontFamily=0x64df6b0, emSize=0x41040000, style=0, unit=0x3, font=0x2301344) returned 0x0
[0089.342] GdipGetFontSize (font=0x7440e68, size=0x2301348) returned 0x0
[0089.342] GdipDeleteFont (font=0x4322230) returned 0x0
[0089.345] GetDC (hWnd=0x0) returned 0x14010175
[0089.345] GdipCreateFromHDC (hdc=0x14010175, graphics=0x28e980) returned 0x0
[0089.345] GdipGetFontHeight (font=0x7440e68, graphics=0x75cb6d0, height=0x28e978) returned 0x0
[0089.345] GdipDeleteGraphics (graphics=0x75cb6d0) returned 0x0
[0089.345] ReleaseDC (hWnd=0x0, hDC=0x14010175) returned 1
[0089.346] GetSystemMetrics (nIndex=5) returned 1
[0089.346] GetSystemMetrics (nIndex=6) returned 1
[0089.348] AdjustWindowRectEx (in: lpRect=0x28eaa8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28eaa8) returned 1
[0089.357] AdjustWindowRectEx (in: lpRect=0x28eaac, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eaac) returned 1
[0089.359] AdjustWindowRectEx (in: lpRect=0x28eaa8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eaa8) returned 1
[0089.360] AdjustWindowRectEx (in: lpRect=0x28eaa8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eaa8) returned 1
[0089.363] GetDC (hWnd=0x0) returned 0x14010175
[0089.363] GdipCreateFromHDC (hdc=0x14010175, graphics=0x28e980) returned 0x0
[0089.363] GdipGetFontHeight (font=0x7440e68, graphics=0x75cb6d0, height=0x28e978) returned 0x0
[0089.363] GdipDeleteGraphics (graphics=0x75cb6d0) returned 0x0
[0089.363] ReleaseDC (hWnd=0x0, hDC=0x14010175) returned 1
[0089.363] GetSystemMetrics (nIndex=5) returned 1
[0089.363] GetSystemMetrics (nIndex=6) returned 1
[0089.363] AdjustWindowRectEx (in: lpRect=0x28eaa8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28eaa8) returned 1
[0089.367] AdjustWindowRectEx (in: lpRect=0x28eab0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eab0) returned 1
[0089.368] AdjustWindowRectEx (in: lpRect=0x28eab0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eab0) returned 1
[0089.369] AdjustWindowRectEx (in: lpRect=0x28eab0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28eab0) returned 1
[0089.376] GetSystemMetrics (nIndex=5) returned 1
[0089.376] GetSystemMetrics (nIndex=6) returned 1
[0089.376] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ea0c) returned 1
[0089.384] GetSystemMetrics (nIndex=5) returned 1
[0089.384] GetSystemMetrics (nIndex=6) returned 1
[0089.384] AdjustWindowRectEx (in: lpRect=0x28e9a4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e9a4) returned 1
[0089.387] AdjustWindowRectEx (in: lpRect=0x28e9a4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e9a4) returned 1
[0089.409] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ea0c) returned 1
[0089.420] GdipCreateFontFamilyFromName (name="Times New Roman", fontCollection=0x0, fontFamily=0x28ea88) returned 0x0
[0089.424] GdipCreateFont (fontFamily=0x64dec10, emSize=0x41900000, style=0, unit=0x3, font=0x230224c) returned 0x0
[0089.425] GdipGetFontSize (font=0x7440e90, size=0x2302250) returned 0x0
[0089.429] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea0c) returned 1
[0089.449] GetProcessWindowStation () returned 0x60
[0089.461] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x2302988, nLength=0xc, lpnLengthNeeded=0x28e8e8 | out: pvInfo=0x2302988, lpnLengthNeeded=0x28e8e8) returned 1
[0089.468] SetConsoleCtrlHandler (HandlerRoutine=0x420926, Add=1) returned 1
[0089.469] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000
[0089.470] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000
[0089.477] GetClassInfoW (in: hInstance=0x2c0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x23029ec | out: lpWndClass=0x23029ec) returned 0
[0089.482] CoTaskMemAlloc (cb=0x58) returned 0x7011c0
[0089.482] RegisterClassW (lpWndClass=0x28e838) returned 0xc1cc
[0089.483] CoTaskMemFree (pv=0x7011c0)
[0089.485] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x2c0000, lpParam=0x0) returned 0x50070
[0089.490] NtdllDefWindowProc_W () returned 0x1
[0089.493] NtdllDefWindowProc_W () returned 0x0
[0089.494] NtdllDefWindowProc_W () returned 0x0
[0089.494] NtdllDefWindowProc_W () returned 0x0
[0089.494] NtdllDefWindowProc_W () returned 0x0
[0089.498] GetSysColor (nIndex=10) returned 0xb4b4b4
[0089.498] GetSysColor (nIndex=2) returned 0xd1b499
[0089.498] GetSysColor (nIndex=9) returned 0x0
[0089.499] GetSysColor (nIndex=12) returned 0xababab
[0089.499] GetSysColor (nIndex=15) returned 0xf0f0f0
[0089.499] GetSysColor (nIndex=20) returned 0xffffff
[0089.499] GetSysColor (nIndex=16) returned 0xa0a0a0
[0089.499] GetSysColor (nIndex=15) returned 0xf0f0f0
[0089.499] GetSysColor (nIndex=16) returned 0xa0a0a0
[0089.499] GetSysColor (nIndex=21) returned 0x696969
[0089.499] GetSysColor (nIndex=22) returned 0xe3e3e3
[0089.499] GetSysColor (nIndex=20) returned 0xffffff
[0089.499] GetSysColor (nIndex=18) returned 0x0
[0089.499] GetSysColor (nIndex=1) returned 0x0
[0089.499] GetSysColor (nIndex=27) returned 0xead1b9
[0089.499] GetSysColor (nIndex=28) returned 0xf2e4d7
[0089.499] GetSysColor (nIndex=17) returned 0x6d6d6d
[0089.499] GetSysColor (nIndex=13) returned 0xff9933
[0089.499] GetSysColor (nIndex=14) returned 0xffffff
[0089.499] GetSysColor (nIndex=26) returned 0xcc6600
[0089.499] GetSysColor (nIndex=11) returned 0xfcf7f4
[0089.499] GetSysColor (nIndex=3) returned 0xdbcdbf
[0089.499] GetSysColor (nIndex=19) returned 0x544e43
[0089.499] GetSysColor (nIndex=24) returned 0xe1ffff
[0089.500] GetSysColor (nIndex=23) returned 0x0
[0089.500] GetSysColor (nIndex=4) returned 0xf0f0f0
[0089.500] GetSysColor (nIndex=30) returned 0xf0f0f0
[0089.500] GetSysColor (nIndex=29) returned 0xff9933
[0089.500] GetSysColor (nIndex=7) returned 0x0
[0089.500] GetSysColor (nIndex=0) returned 0xc8c8c8
[0089.500] GetSysColor (nIndex=5) returned 0xffffff
[0089.500] GetSysColor (nIndex=6) returned 0x646464
[0089.500] GetSysColor (nIndex=8) returned 0x0
[0089.500] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea0c) returned 1
[0089.528] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x28ea88) returned 0x0
[0089.528] GdipCreateFont (fontFamily=0x64df6b0, emSize=0x41040000, style=1, unit=0x3, font=0x230408c) returned 0x0
[0089.528] GdipGetFontSize (font=0x7440eb8, size=0x2304090) returned 0x0
[0089.541] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.541] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.547] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x28ea88) returned 0x0
[0089.547] GdipCreateFont (fontFamily=0x64df6b0, emSize=0x41040000, style=1, unit=0x3, font=0x2304364) returned 0x0
[0089.547] GdipGetFontSize (font=0x7440ee0, size=0x2304368) returned 0x0
[0089.551] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.551] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.553] GetSystemMetrics (nIndex=5) returned 1
[0089.553] GetSystemMetrics (nIndex=6) returned 1
[0089.554] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ea0c) returned 1
[0089.554] GetSystemMetrics (nIndex=5) returned 1
[0089.554] GetSystemMetrics (nIndex=6) returned 1
[0089.554] AdjustWindowRectEx (in: lpRect=0x28e9a4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e9a4) returned 1
[0089.554] AdjustWindowRectEx (in: lpRect=0x28e9a4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e9a4) returned 1
[0089.554] AdjustWindowRectEx (in: lpRect=0x28ea0c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ea0c) returned 1
[0089.554] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.557] AdjustWindowRectEx (in: lpRect=0x28ea24, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea24) returned 1
[0089.561] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.561] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.561] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.561] AdjustWindowRectEx (in: lpRect=0x28ea38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ea38) returned 1
[0089.597] EtwEventRegister () returned 0x0
[0089.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e514) returned 1
[0089.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28e7d8 | out: lpFileInformation=0x28e7d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0089.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e510) returned 1
[0090.367] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18200, lpName=0x0) returned 0x244
[0090.367] memcpy (in: _Dst=0x3f0000, _Src=0x32d9560, _Size=0x18200 | out: _Dst=0x3f0000) returned 0x3f0000
[0090.369] CloseHandle (hObject=0x244) returned 1
[0090.577] AdjustWindowRectEx (in: lpRect=0x28ea6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ea6c) returned 1
[0090.577] GetSystemMetrics (nIndex=59) returned 1460
[0090.577] GetSystemMetrics (nIndex=60) returned 920
[0090.577] GetSystemMetrics (nIndex=34) returned 132
[0090.577] GetSystemMetrics (nIndex=35) returned 38
[0090.577] AdjustWindowRectEx (in: lpRect=0x28e96c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28e96c) returned 1
[0090.578] GetCurrentThreadId () returned 0x9d4
[0090.578] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.584] GetCurrentThreadId () returned 0x9d4
[0090.586] AdjustWindowRectEx (in: lpRect=0x28e864, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e864) returned 1
[0090.593] GdipGetFamilyName (in: family=0x64dec10, name=0x28e750, language=0x409 | out: name="Times New Roman") returned 0x0
[0090.595] CreateCompatibleDC (hdc=0x0) returned 0x14010b5d
[0090.597] GetCurrentObject (hdc=0x14010b5d, type=0x1) returned 0x1b00017
[0090.597] GetCurrentObject (hdc=0x14010b5d, type=0x2) returned 0x1900010
[0090.597] GetCurrentObject (hdc=0x14010b5d, type=0x7) returned 0x185000f
[0090.597] GetCurrentObject (hdc=0x14010b5d, type=0x6) returned 0x18a002e
[0090.599] SaveDC (hdc=0x14010b5d) returned 1
[0090.600] GetDeviceCaps (hdc=0x14010b5d, index=90) returned 96
[0090.601] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0090.601] CreateFontIndirectW (lplf=0x72a040) returned 0x170a071a
[0090.602] CoTaskMemFree (pv=0x72a040)
[0090.602] GetObjectW (in: h=0x170a071a, c=92, pv=0x28e714 | out: pv=0x28e714) returned 92
[0090.603] GetCurrentObject (hdc=0x14010b5d, type=0x6) returned 0x18a002e
[0090.604] GetObjectW (in: h=0x18a002e, c=92, pv=0x28e67c | out: pv=0x28e67c) returned 92
[0090.605] SelectObject (hdc=0x14010b5d, h=0x170a071a) returned 0x18a002e
[0090.606] GetMapMode (hdc=0x14010b5d) returned 1
[0090.606] GetTextMetricsW (in: hdc=0x14010b5d, lptm=0x28e744 | out: lptm=0x28e744) returned 1
[0090.613] DrawTextExW (in: hdc=0x14010b5d, lpchText="Login System", cchText=12, lprc=0x28e850, format=0x2400, lpdtp=0x234e2ac | out: lpchText="Login System", lprc=0x28e850) returned 27
[0090.667] GetCurrentThreadId () returned 0x9d4
[0090.667] GetCurrentThreadId () returned 0x9d4
[0090.667] GetCurrentThreadId () returned 0x9d4
[0090.667] GetCurrentThreadId () returned 0x9d4
[0090.667] GetCurrentThreadId () returned 0x9d4
[0090.668] GetCurrentThreadId () returned 0x9d4
[0090.668] GetCurrentThreadId () returned 0x9d4
[0090.668] GetCurrentThreadId () returned 0x9d4
[0090.678] CreateCompatibleDC (hdc=0x0) returned 0x1d0106da
[0090.679] GetDC (hWnd=0x0) returned 0x14010175
[0090.680] GdipCreateFromHDC (hdc=0x14010175, graphics=0x28e884) returned 0x0
[0090.681] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0090.681] GdipGetLogFontW (font=0x7440e68, graphics=0x75cb6d0, logfontW=0x72a040) returned 0x0
[0090.682] CoTaskMemFree (pv=0x72a040)
[0090.682] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0090.682] CoTaskMemFree (pv=0x72a040)
[0090.683] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0090.683] CoTaskMemFree (pv=0x72a040)
[0090.683] GdipDeleteGraphics (graphics=0x75cb6d0) returned 0x0
[0090.683] ReleaseDC (hWnd=0x0, hDC=0x14010175) returned 1
[0090.683] CoTaskMemAlloc (cb=0x5c) returned 0x72a040
[0090.684] CreateFontIndirectW (lplf=0x72a040) returned 0x2c0a018b
[0090.684] CoTaskMemFree (pv=0x72a040)
[0090.684] SelectObject (hdc=0x1d0106da, h=0x2c0a018b) returned 0x18a002e
[0090.685] GetTextMetricsW (in: hdc=0x1d0106da, lptm=0x28e990 | out: lptm=0x28e990) returned 1
[0090.685] GetTextExtentPoint32W (in: hdc=0x1d0106da, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x234ebc4 | out: psizl=0x234ebc4) returned 1
[0090.685] SelectObject (hdc=0x1d0106da, h=0x18a002e) returned 0x2c0a018b
[0090.686] DeleteDC (hdc=0x1d0106da) returned 1
[0090.686] AdjustWindowRectEx (in: lpRect=0x28e6f8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28e6f8) returned 1
[0090.686] AdjustWindowRectEx (in: lpRect=0x28e91c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28e91c) returned 1
[0090.686] AdjustWindowRectEx (in: lpRect=0x28e670, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28e670) returned 1
[0090.686] AdjustWindowRectEx (in: lpRect=0x28e754, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28e754) returned 1
[0090.687] GetSystemMetrics (nIndex=34) returned 132
[0090.687] GetSystemMetrics (nIndex=35) returned 38
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e90c) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e770) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e5c8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e5c8) returned 1
[0090.687] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e90c) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28e770) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e90c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e90c) returned 1
[0090.688] AdjustWindowRectEx (in: lpRect=0x28e770, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28e770) returned 1
[0137.123] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e00, lpName=0x0) returned 0x174
[0137.124] memcpy (in: _Dst=0x600000, _Src=0x237be24, _Size=0x2e00 | out: _Dst=0x600000) returned 0x600000
[0137.124] CloseHandle (hObject=0x174) returned 1
[0137.174] CoTaskMemAlloc (cb=0x20c) returned 0x74d4b8
[0137.174] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x74d4b8 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0137.174] CoTaskMemFree (pv=0x74d4b8)
[0137.175] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x28d740, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0137.178] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x28d754, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0137.450] GdipLoadImageFromStream (stream=0x620030, image=0x28e150) returned 0x0
[0137.985] GdipImageForceValidation (image=0x75cb6d0) returned 0x0
[0138.001] GdipGetImageType (image=0x75cb6d0, type=0x28e14c) returned 0x0
[0138.001] GdipGetImageRawFormat (image=0x75cb6d0, format=0x28e0c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0138.035] GdipGetImageWidth (image=0x75cb6d0, width=0x28e70c) returned 0x0
[0138.052] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.053] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.053] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=0, color=0x28e6d8) returned 0x0
[0138.082] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.082] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.082] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=1, color=0x28e6d8) returned 0x0
[0138.082] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.082] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.082] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=2, color=0x28e6d8) returned 0x0
[0138.082] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.082] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.083] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=3, color=0x28e6d8) returned 0x0
[0138.083] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.083] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.083] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=4, color=0x28e6d8) returned 0x0
[0138.083] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.083] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.083] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=5, color=0x28e6d8) returned 0x0
[0138.083] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.083] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.083] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=6, color=0x28e6d8) returned 0x0
[0138.083] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.083] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.083] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=7, color=0x28e6d8) returned 0x0
[0138.083] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.084] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.084] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=8, color=0x28e6d8) returned 0x0
[0138.084] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.084] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.084] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=9, color=0x28e6d8) returned 0x0
[0138.084] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.084] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.084] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=10, color=0x28e6d8) returned 0x0
[0138.084] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.084] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.084] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=11, color=0x28e6d8) returned 0x0
[0138.084] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.084] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.084] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=12, color=0x28e6d8) returned 0x0
[0138.084] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.085] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.085] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=13, color=0x28e6d8) returned 0x0
[0138.085] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.085] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.085] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=14, color=0x28e6d8) returned 0x0
[0138.085] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.085] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.085] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=15, color=0x28e6d8) returned 0x0
[0138.085] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.085] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.085] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=16, color=0x28e6d8) returned 0x0
[0138.085] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.085] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.085] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=17, color=0x28e6d8) returned 0x0
[0138.085] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.086] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.086] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=18, color=0x28e6d8) returned 0x0
[0138.090] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.090] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.090] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=19, color=0x28e6d8) returned 0x0
[0138.090] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.090] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.090] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=20, color=0x28e6d8) returned 0x0
[0138.090] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.090] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.090] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=21, color=0x28e6d8) returned 0x0
[0138.091] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.091] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.091] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=22, color=0x28e6d8) returned 0x0
[0138.091] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.091] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.091] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=23, color=0x28e6d8) returned 0x0
[0138.091] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.091] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.091] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=24, color=0x28e6d8) returned 0x0
[0138.091] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.091] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.091] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=25, color=0x28e6d8) returned 0x0
[0138.091] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.091] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.091] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=26, color=0x28e6d8) returned 0x0
[0138.092] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.092] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.092] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=27, color=0x28e6d8) returned 0x0
[0138.092] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.092] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.092] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=28, color=0x28e6d8) returned 0x0
[0138.092] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.092] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.092] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=29, color=0x28e6d8) returned 0x0
[0138.092] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.092] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.092] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=30, color=0x28e6d8) returned 0x0
[0138.092] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.092] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.092] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=31, color=0x28e6d8) returned 0x0
[0138.093] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.093] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.093] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=32, color=0x28e6d8) returned 0x0
[0138.093] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.093] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.093] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=33, color=0x28e6d8) returned 0x0
[0138.093] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.093] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.093] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=34, color=0x28e6d8) returned 0x0
[0138.093] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.093] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.093] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=35, color=0x28e6d8) returned 0x0
[0138.093] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.093] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.093] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=36, color=0x28e6d8) returned 0x0
[0138.094] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.094] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.094] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=37, color=0x28e6d8) returned 0x0
[0138.094] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.094] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.094] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=38, color=0x28e6d8) returned 0x0
[0138.094] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.094] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.094] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=39, color=0x28e6d8) returned 0x0
[0138.094] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.094] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.094] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=40, color=0x28e6d8) returned 0x0
[0138.094] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.094] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.094] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=41, color=0x28e6d8) returned 0x0
[0138.095] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.095] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.095] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=42, color=0x28e6d8) returned 0x0
[0138.095] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.095] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.095] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=43, color=0x28e6d8) returned 0x0
[0138.095] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.095] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.095] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=44, color=0x28e6d8) returned 0x0
[0138.095] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.095] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.095] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=45, color=0x28e6d8) returned 0x0
[0138.095] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.096] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.096] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=46, color=0x28e6d8) returned 0x0
[0138.096] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.096] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.096] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=47, color=0x28e6d8) returned 0x0
[0138.096] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.096] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.096] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=48, color=0x28e6d8) returned 0x0
[0138.096] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.096] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.096] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=49, color=0x28e6d8) returned 0x0
[0138.096] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.096] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.096] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=50, color=0x28e6d8) returned 0x0
[0138.097] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.097] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.097] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=51, color=0x28e6d8) returned 0x0
[0138.097] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.097] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.097] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=52, color=0x28e6d8) returned 0x0
[0138.097] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.097] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.097] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=53, color=0x28e6d8) returned 0x0
[0138.097] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.097] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.097] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=54, color=0x28e6d8) returned 0x0
[0138.097] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.097] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.097] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=55, color=0x28e6d8) returned 0x0
[0138.098] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.098] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.098] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=56, color=0x28e6d8) returned 0x0
[0138.098] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.098] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.098] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=57, color=0x28e6d8) returned 0x0
[0138.098] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.098] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.098] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=58, color=0x28e6d8) returned 0x0
[0138.098] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.098] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.098] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=59, color=0x28e6d8) returned 0x0
[0138.098] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.098] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.098] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=60, color=0x28e6d8) returned 0x0
[0138.099] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.099] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.099] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=61, color=0x28e6d8) returned 0x0
[0138.099] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.099] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.099] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=62, color=0x28e6d8) returned 0x0
[0138.099] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.099] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.099] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=63, color=0x28e6d8) returned 0x0
[0138.099] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.099] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.099] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=64, color=0x28e6d8) returned 0x0
[0138.099] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.099] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.099] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=65, color=0x28e6d8) returned 0x0
[0138.100] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.100] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.100] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=66, color=0x28e6d8) returned 0x0
[0138.100] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.100] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.100] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=67, color=0x28e6d8) returned 0x0
[0138.100] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.100] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.100] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=68, color=0x28e6d8) returned 0x0
[0138.100] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.100] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.100] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=69, color=0x28e6d8) returned 0x0
[0138.100] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.100] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.101] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=70, color=0x28e6d8) returned 0x0
[0138.101] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.101] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.101] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=71, color=0x28e6d8) returned 0x0
[0138.101] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.101] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.101] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=72, color=0x28e6d8) returned 0x0
[0138.101] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.101] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.101] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=73, color=0x28e6d8) returned 0x0
[0138.101] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.101] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.101] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=74, color=0x28e6d8) returned 0x0
[0138.101] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.101] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.102] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=75, color=0x28e6d8) returned 0x0
[0138.102] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.102] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.102] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=76, color=0x28e6d8) returned 0x0
[0138.102] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.102] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.102] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=77, color=0x28e6d8) returned 0x0
[0138.102] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.102] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.102] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=78, color=0x28e6d8) returned 0x0
[0138.102] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.102] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.102] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=79, color=0x28e6d8) returned 0x0
[0138.102] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.102] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.103] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=80, color=0x28e6d8) returned 0x0
[0138.103] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.103] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.103] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=81, color=0x28e6d8) returned 0x0
[0138.103] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.103] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.103] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=82, color=0x28e6d8) returned 0x0
[0138.103] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.103] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.103] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=83, color=0x28e6d8) returned 0x0
[0138.103] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.103] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.103] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=84, color=0x28e6d8) returned 0x0
[0138.103] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.103] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=85, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=86, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=87, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=88, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=89, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=90, color=0x28e6d8) returned 0x0
[0138.104] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.104] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.104] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=91, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.105] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=92, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.105] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=93, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.105] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=94, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.105] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=95, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.105] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=96, color=0x28e6d8) returned 0x0
[0138.105] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.105] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=97, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=98, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=99, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=100, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=101, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.106] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=102, color=0x28e6d8) returned 0x0
[0138.106] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.106] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=103, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.107] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=104, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.107] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=105, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.107] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=106, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.107] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=107, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.107] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.107] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=108, color=0x28e6d8) returned 0x0
[0138.107] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=109, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=110, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=111, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=112, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=113, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.108] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.108] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=114, color=0x28e6d8) returned 0x0
[0138.108] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=115, color=0x28e6d8) returned 0x0
[0138.109] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=116, color=0x28e6d8) returned 0x0
[0138.109] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=117, color=0x28e6d8) returned 0x0
[0138.109] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=118, color=0x28e6d8) returned 0x0
[0138.109] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=119, color=0x28e6d8) returned 0x0
[0138.109] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.109] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.109] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=120, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=121, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=122, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=123, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=124, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=125, color=0x28e6d8) returned 0x0
[0138.110] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.110] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.110] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=126, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=127, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=128, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=129, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=130, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=131, color=0x28e6d8) returned 0x0
[0138.111] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.111] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.111] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=132, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.112] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.112] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=133, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.112] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.112] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=134, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.112] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.112] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=135, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.112] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.112] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=136, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.112] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.112] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=137, color=0x28e6d8) returned 0x0
[0138.112] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.113] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.113] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=138, color=0x28e6d8) returned 0x0
[0138.113] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.113] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.113] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=139, color=0x28e6d8) returned 0x0
[0138.113] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.113] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.113] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=140, color=0x28e6d8) returned 0x0
[0138.113] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.113] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.113] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=141, color=0x28e6d8) returned 0x0
[0138.113] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.113] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.113] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=142, color=0x28e6d8) returned 0x0
[0138.113] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=143, color=0x28e6d8) returned 0x0
[0138.114] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=144, color=0x28e6d8) returned 0x0
[0138.114] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=145, color=0x28e6d8) returned 0x0
[0138.114] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=146, color=0x28e6d8) returned 0x0
[0138.114] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=147, color=0x28e6d8) returned 0x0
[0138.114] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.114] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.114] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=148, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.115] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.115] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=149, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.115] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.115] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=150, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.115] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.115] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=151, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.115] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.115] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=152, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.115] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.115] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=153, color=0x28e6d8) returned 0x0
[0138.115] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.116] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.116] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=154, color=0x28e6d8) returned 0x0
[0138.116] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.116] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.116] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=155, color=0x28e6d8) returned 0x0
[0138.116] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.116] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.116] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=156, color=0x28e6d8) returned 0x0
[0138.116] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.116] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.116] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=157, color=0x28e6d8) returned 0x0
[0138.116] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.116] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.116] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=158, color=0x28e6d8) returned 0x0
[0138.116] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=159, color=0x28e6d8) returned 0x0
[0138.117] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=160, color=0x28e6d8) returned 0x0
[0138.117] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=161, color=0x28e6d8) returned 0x0
[0138.117] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=162, color=0x28e6d8) returned 0x0
[0138.117] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=163, color=0x28e6d8) returned 0x0
[0138.117] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.117] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.117] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=164, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=165, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=166, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=167, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=168, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=169, color=0x28e6d8) returned 0x0
[0138.118] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.118] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.118] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=170, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=171, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=172, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=173, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=174, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=175, color=0x28e6d8) returned 0x0
[0138.119] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.119] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.119] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=176, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=177, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=178, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=179, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=180, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=181, color=0x28e6d8) returned 0x0
[0138.120] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.120] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.120] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=182, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=183, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=184, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=185, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=186, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=187, color=0x28e6d8) returned 0x0
[0138.121] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.121] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.121] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=188, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=189, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=190, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=191, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=192, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=193, color=0x28e6d8) returned 0x0
[0138.122] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.122] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.122] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=194, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.123] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=195, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.123] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=196, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.123] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=197, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.123] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=198, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.123] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=199, color=0x28e6d8) returned 0x0
[0138.123] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.123] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=200, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=201, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=202, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=203, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=204, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.124] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=205, color=0x28e6d8) returned 0x0
[0138.124] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.124] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=206, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.125] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=207, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.125] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=208, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.125] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=209, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.125] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=210, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.125] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.125] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=211, color=0x28e6d8) returned 0x0
[0138.125] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=212, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=213, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=214, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=215, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=216, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.126] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.126] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=217, color=0x28e6d8) returned 0x0
[0138.126] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.127] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.127] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=218, color=0x28e6d8) returned 0x0
[0138.127] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.127] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.127] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=219, color=0x28e6d8) returned 0x0
[0138.127] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.127] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.127] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=220, color=0x28e6d8) returned 0x0
[0138.127] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.127] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.127] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=221, color=0x28e6d8) returned 0x0
[0138.127] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=222, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=223, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=224, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=225, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=226, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.128] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.128] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=227, color=0x28e6d8) returned 0x0
[0138.128] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=228, color=0x28e6d8) returned 0x0
[0138.129] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=229, color=0x28e6d8) returned 0x0
[0138.129] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=230, color=0x28e6d8) returned 0x0
[0138.129] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=231, color=0x28e6d8) returned 0x0
[0138.129] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=232, color=0x28e6d8) returned 0x0
[0138.129] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.129] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.129] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=233, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=234, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=235, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=236, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=237, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=238, color=0x28e6d8) returned 0x0
[0138.130] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.130] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.130] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=239, color=0x28e6d8) returned 0x0
[0138.131] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.131] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.131] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=240, color=0x28e6d8) returned 0x0
[0138.131] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.131] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=241, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.132] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=242, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.132] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=243, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.132] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=244, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.132] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=245, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.132] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.132] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=246, color=0x28e6d8) returned 0x0
[0138.132] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.133] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.133] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=247, color=0x28e6d8) returned 0x0
[0138.133] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.133] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.133] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=248, color=0x28e6d8) returned 0x0
[0138.133] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.133] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.133] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=0, y=249, color=0x28e6d8) returned 0x0
[0138.268] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.268] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.268] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=46, color=0x28e6d8) returned 0x0
[0138.268] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.268] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.268] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=47, color=0x28e6d8) returned 0x0
[0138.268] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.269] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.269] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=48, color=0x28e6d8) returned 0x0
[0138.269] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.269] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.269] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=49, color=0x28e6d8) returned 0x0
[0138.269] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.269] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.269] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=50, color=0x28e6d8) returned 0x0
[0138.269] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.269] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.269] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=51, color=0x28e6d8) returned 0x0
[0138.269] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.269] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.269] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=52, color=0x28e6d8) returned 0x0
[0138.270] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.270] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.270] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=53, color=0x28e6d8) returned 0x0
[0138.270] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.270] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.270] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=54, color=0x28e6d8) returned 0x0
[0138.270] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.270] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.270] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=55, color=0x28e6d8) returned 0x0
[0138.270] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.270] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.270] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=56, color=0x28e6d8) returned 0x0
[0138.270] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.270] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.270] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=57, color=0x28e6d8) returned 0x0
[0138.271] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.271] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.271] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=58, color=0x28e6d8) returned 0x0
[0138.271] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.271] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.271] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=59, color=0x28e6d8) returned 0x0
[0138.271] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.271] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.271] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=60, color=0x28e6d8) returned 0x0
[0138.271] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.271] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.271] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=61, color=0x28e6d8) returned 0x0
[0138.271] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.272] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.272] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=62, color=0x28e6d8) returned 0x0
[0138.272] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.272] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.272] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=63, color=0x28e6d8) returned 0x0
[0138.272] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.272] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.272] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=64, color=0x28e6d8) returned 0x0
[0138.272] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.272] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.272] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=65, color=0x28e6d8) returned 0x0
[0138.272] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.272] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.272] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=66, color=0x28e6d8) returned 0x0
[0138.273] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.273] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.273] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=67, color=0x28e6d8) returned 0x0
[0138.273] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.273] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.273] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=68, color=0x28e6d8) returned 0x0
[0138.273] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.273] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.273] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=69, color=0x28e6d8) returned 0x0
[0138.273] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.273] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.273] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=70, color=0x28e6d8) returned 0x0
[0138.273] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.274] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.274] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=71, color=0x28e6d8) returned 0x0
[0138.274] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.274] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.274] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=72, color=0x28e6d8) returned 0x0
[0138.274] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.274] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.274] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=73, color=0x28e6d8) returned 0x0
[0138.274] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.274] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.274] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=74, color=0x28e6d8) returned 0x0
[0138.274] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.274] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.275] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=75, color=0x28e6d8) returned 0x0
[0138.275] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.275] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.275] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=76, color=0x28e6d8) returned 0x0
[0138.275] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.275] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.275] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=77, color=0x28e6d8) returned 0x0
[0138.275] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.275] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.275] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=78, color=0x28e6d8) returned 0x0
[0138.275] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.275] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.275] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=79, color=0x28e6d8) returned 0x0
[0138.275] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.276] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.276] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=80, color=0x28e6d8) returned 0x0
[0138.276] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.276] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.276] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=81, color=0x28e6d8) returned 0x0
[0138.276] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.276] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.276] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=82, color=0x28e6d8) returned 0x0
[0138.276] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.276] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.276] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=83, color=0x28e6d8) returned 0x0
[0138.276] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.276] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.277] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=84, color=0x28e6d8) returned 0x0
[0138.277] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.277] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.277] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=85, color=0x28e6d8) returned 0x0
[0138.277] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.277] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.277] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=86, color=0x28e6d8) returned 0x0
[0138.277] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.277] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.277] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=87, color=0x28e6d8) returned 0x0
[0138.277] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.277] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.277] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=88, color=0x28e6d8) returned 0x0
[0138.277] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.277] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.278] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=89, color=0x28e6d8) returned 0x0
[0138.278] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.278] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.278] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=90, color=0x28e6d8) returned 0x0
[0138.278] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.278] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.278] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=91, color=0x28e6d8) returned 0x0
[0138.278] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.278] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.278] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=92, color=0x28e6d8) returned 0x0
[0138.278] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.278] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.278] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=93, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=94, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=95, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=96, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=97, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=98, color=0x28e6d8) returned 0x0
[0138.279] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.279] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.279] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=99, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.280] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.280] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=100, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.280] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.280] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=101, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.280] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.280] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=102, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.280] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.280] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=103, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.280] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.280] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=104, color=0x28e6d8) returned 0x0
[0138.280] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=105, color=0x28e6d8) returned 0x0
[0138.281] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=106, color=0x28e6d8) returned 0x0
[0138.281] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=107, color=0x28e6d8) returned 0x0
[0138.281] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=108, color=0x28e6d8) returned 0x0
[0138.281] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=109, color=0x28e6d8) returned 0x0
[0138.281] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.281] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.281] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=110, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.282] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.282] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=111, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.282] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.282] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=112, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.282] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.282] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=113, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.282] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.282] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=114, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.282] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.282] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=115, color=0x28e6d8) returned 0x0
[0138.282] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.283] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=116, color=0x28e6d8) returned 0x0
[0138.283] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.283] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=117, color=0x28e6d8) returned 0x0
[0138.283] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.283] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=118, color=0x28e6d8) returned 0x0
[0138.283] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.283] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=119, color=0x28e6d8) returned 0x0
[0138.283] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.283] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=120, color=0x28e6d8) returned 0x0
[0138.283] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.283] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=121, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=122, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=123, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=124, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=125, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.284] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=126, color=0x28e6d8) returned 0x0
[0138.284] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.284] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=127, color=0x28e6d8) returned 0x0
[0138.285] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.285] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=128, color=0x28e6d8) returned 0x0
[0138.285] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.285] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=129, color=0x28e6d8) returned 0x0
[0138.285] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.285] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=130, color=0x28e6d8) returned 0x0
[0138.285] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.285] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=131, color=0x28e6d8) returned 0x0
[0138.285] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.285] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.285] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=132, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=133, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=134, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=135, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=136, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=137, color=0x28e6d8) returned 0x0
[0138.286] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.286] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.286] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=138, color=0x28e6d8) returned 0x0
[0138.287] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.287] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.287] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=139, color=0x28e6d8) returned 0x0
[0138.287] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.287] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.287] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=140, color=0x28e6d8) returned 0x0
[0138.287] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.291] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.291] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=141, color=0x28e6d8) returned 0x0
[0138.291] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.291] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.291] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=142, color=0x28e6d8) returned 0x0
[0138.291] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=143, color=0x28e6d8) returned 0x0
[0138.292] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=144, color=0x28e6d8) returned 0x0
[0138.292] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=145, color=0x28e6d8) returned 0x0
[0138.292] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=146, color=0x28e6d8) returned 0x0
[0138.292] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=147, color=0x28e6d8) returned 0x0
[0138.292] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.292] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.292] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=148, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=149, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=150, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=151, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=152, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=153, color=0x28e6d8) returned 0x0
[0138.293] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.293] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.293] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=154, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.294] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.294] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=155, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.294] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.294] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=156, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.294] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.294] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=157, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.294] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.294] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=158, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.294] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.294] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=159, color=0x28e6d8) returned 0x0
[0138.294] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=160, color=0x28e6d8) returned 0x0
[0138.295] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=161, color=0x28e6d8) returned 0x0
[0138.295] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=162, color=0x28e6d8) returned 0x0
[0138.295] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=163, color=0x28e6d8) returned 0x0
[0138.295] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=164, color=0x28e6d8) returned 0x0
[0138.295] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.295] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.295] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=165, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=166, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=167, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=168, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=169, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=170, color=0x28e6d8) returned 0x0
[0138.296] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.296] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.296] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=171, color=0x28e6d8) returned 0x0
[0138.297] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.297] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.297] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=172, color=0x28e6d8) returned 0x0
[0138.297] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.297] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.297] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=173, color=0x28e6d8) returned 0x0
[0138.297] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.297] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.297] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=174, color=0x28e6d8) returned 0x0
[0138.297] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.297] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.297] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=175, color=0x28e6d8) returned 0x0
[0138.297] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.297] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.297] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=176, color=0x28e6d8) returned 0x0
[0138.298] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.298] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.298] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=177, color=0x28e6d8) returned 0x0
[0138.298] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.298] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.298] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=178, color=0x28e6d8) returned 0x0
[0138.298] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.298] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.298] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=179, color=0x28e6d8) returned 0x0
[0138.298] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.298] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.298] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=180, color=0x28e6d8) returned 0x0
[0138.300] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.300] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.300] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=181, color=0x28e6d8) returned 0x0
[0138.300] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.300] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.300] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=182, color=0x28e6d8) returned 0x0
[0138.300] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.300] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.300] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=183, color=0x28e6d8) returned 0x0
[0138.300] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.300] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.300] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=184, color=0x28e6d8) returned 0x0
[0138.300] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.300] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.300] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=185, color=0x28e6d8) returned 0x0
[0138.301] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.301] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.301] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=186, color=0x28e6d8) returned 0x0
[0138.301] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.301] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.301] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=187, color=0x28e6d8) returned 0x0
[0138.301] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.301] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.301] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=188, color=0x28e6d8) returned 0x0
[0138.301] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.301] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.301] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=189, color=0x28e6d8) returned 0x0
[0138.301] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.301] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.301] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=190, color=0x28e6d8) returned 0x0
[0138.302] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.302] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.302] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=191, color=0x28e6d8) returned 0x0
[0138.302] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.302] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.302] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=192, color=0x28e6d8) returned 0x0
[0138.302] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.302] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.302] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=193, color=0x28e6d8) returned 0x0
[0138.302] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.302] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.302] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=194, color=0x28e6d8) returned 0x0
[0138.302] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.302] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.302] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=195, color=0x28e6d8) returned 0x0
[0138.305] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.305] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.305] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=196, color=0x28e6d8) returned 0x0
[0138.305] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.305] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.305] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=197, color=0x28e6d8) returned 0x0
[0138.305] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.305] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.305] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=198, color=0x28e6d8) returned 0x0
[0138.305] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.306] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=199, color=0x28e6d8) returned 0x0
[0138.306] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.306] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=200, color=0x28e6d8) returned 0x0
[0138.306] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.306] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=201, color=0x28e6d8) returned 0x0
[0138.306] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.306] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=202, color=0x28e6d8) returned 0x0
[0138.306] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.306] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=203, color=0x28e6d8) returned 0x0
[0138.306] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.306] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=204, color=0x28e6d8) returned 0x0
[0138.307] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.307] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=205, color=0x28e6d8) returned 0x0
[0138.307] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.307] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=206, color=0x28e6d8) returned 0x0
[0138.307] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.307] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=207, color=0x28e6d8) returned 0x0
[0138.307] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.307] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=208, color=0x28e6d8) returned 0x0
[0138.307] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.307] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.307] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=209, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=210, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=211, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=212, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=213, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=214, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.308] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.308] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=215, color=0x28e6d8) returned 0x0
[0138.308] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=216, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=217, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=218, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=219, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=220, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.309] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=221, color=0x28e6d8) returned 0x0
[0138.309] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.309] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=222, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.310] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=223, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.310] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=224, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.310] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=225, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.310] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=226, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.310] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.310] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=227, color=0x28e6d8) returned 0x0
[0138.310] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=228, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=229, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=230, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=231, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=232, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.311] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.311] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=233, color=0x28e6d8) returned 0x0
[0138.311] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=234, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=235, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=236, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=237, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=238, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.312] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=239, color=0x28e6d8) returned 0x0
[0138.312] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.312] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=240, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.313] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=241, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.313] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=242, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.313] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=243, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.313] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=244, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.313] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.313] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=245, color=0x28e6d8) returned 0x0
[0138.313] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=246, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=247, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=248, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=249, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=250, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.314] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=251, color=0x28e6d8) returned 0x0
[0138.314] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.314] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=252, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=253, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=254, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=255, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=256, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=257, color=0x28e6d8) returned 0x0
[0138.315] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.315] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.315] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=258, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.316] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.316] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=259, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.316] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.316] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=260, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.316] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.316] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=261, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.316] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.316] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=262, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.316] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.316] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=263, color=0x28e6d8) returned 0x0
[0138.316] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.317] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.317] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=264, color=0x28e6d8) returned 0x0
[0138.317] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.317] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.317] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=265, color=0x28e6d8) returned 0x0
[0138.317] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.317] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.317] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=266, color=0x28e6d8) returned 0x0
[0138.317] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.317] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.317] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=267, color=0x28e6d8) returned 0x0
[0138.317] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.317] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.317] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=268, color=0x28e6d8) returned 0x0
[0138.318] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.318] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.318] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=269, color=0x28e6d8) returned 0x0
[0138.318] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.318] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.318] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=270, color=0x28e6d8) returned 0x0
[0138.318] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.318] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.318] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=271, color=0x28e6d8) returned 0x0
[0138.318] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.318] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.318] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=272, color=0x28e6d8) returned 0x0
[0138.318] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.318] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=273, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=274, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=275, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=276, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=277, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.319] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=278, color=0x28e6d8) returned 0x0
[0138.319] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.319] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=279, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=280, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=281, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=282, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=283, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=284, color=0x28e6d8) returned 0x0
[0138.320] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.320] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.320] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=285, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=286, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=287, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=288, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=289, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=290, color=0x28e6d8) returned 0x0
[0138.321] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.321] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.321] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=291, color=0x28e6d8) returned 0x0
[0138.322] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.322] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.322] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=292, color=0x28e6d8) returned 0x0
[0138.322] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.322] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.322] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=293, color=0x28e6d8) returned 0x0
[0138.322] GdipGetImageWidth (image=0x75cb6d0, width=0x28e6c8) returned 0x0
[0138.322] GdipGetImageHeight (image=0x75cb6d0, height=0x28e6c8) returned 0x0
[0138.322] GdipBitmapGetPixel (bitmap=0x75cb6d0, x=216, y=294, color=0x28e6d8) returned 0x0
[0138.413] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6aa00, lpName=0x0) returned 0x250
[0138.413] memcpy (in: _Dst=0x5dd0000, _Src=0x34f7210, _Size=0x6aa00 | out: _Dst=0x5dd0000) returned 0x5dd0000
[0138.419] CloseHandle (hObject=0x250) returned 1
[0139.111] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a1e30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.111] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.112] CoTaskMemFree (pv=0x74d728)
[0139.123] CoTaskMemAlloc (cb=0x11) returned 0x744a88
[0139.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x23a1e68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0139.123] GetProcAddress (hModule=0x75620000, lpProcName="ResumeThread") returned 0x756343a7
[0139.123] CoTaskMemFree (pv=0x744a88)
[0139.137] CoTaskMemAlloc (cb=0xd) returned 0x74d740
[0139.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a1f24, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.137] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.137] CoTaskMemFree (pv=0x74d740)
[0139.137] CoTaskMemAlloc (cb=0x1a) returned 0x747338
[0139.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x23a1f5c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0139.138] GetProcAddress (hModule=0x75620000, lpProcName="Wow64SetThreadContext") returned 0x756b5933
[0139.138] CoTaskMemFree (pv=0x747338)
[0139.150] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a2028, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.151] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.151] CoTaskMemFree (pv=0x74d728)
[0139.151] CoTaskMemAlloc (cb=0x15) returned 0x744a88
[0139.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x23a2060, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0139.151] GetProcAddress (hModule=0x75620000, lpProcName="SetThreadContext") returned 0x756b5933
[0139.151] CoTaskMemFree (pv=0x744a88)
[0139.154] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a2128, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.154] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.154] CoTaskMemFree (pv=0x74d728)
[0139.155] CoTaskMemAlloc (cb=0x1a) returned 0x747338
[0139.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x23a2160, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0139.155] GetProcAddress (hModule=0x75620000, lpProcName="Wow64GetThreadContext") returned 0x7565799c
[0139.155] CoTaskMemFree (pv=0x747338)
[0139.157] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a222c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.157] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.158] CoTaskMemFree (pv=0x74d728)
[0139.158] CoTaskMemAlloc (cb=0x15) returned 0x744a88
[0139.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x23a2264, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0139.158] GetProcAddress (hModule=0x75620000, lpProcName="GetThreadContext") returned 0x7565799c
[0139.158] CoTaskMemFree (pv=0x744a88)
[0139.160] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a2320, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.160] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.160] CoTaskMemFree (pv=0x74d728)
[0139.160] CoTaskMemAlloc (cb=0x13) returned 0x744ae8
[0139.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x23a2358, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0139.161] GetProcAddress (hModule=0x75620000, lpProcName="VirtualAllocEx") returned 0x7564d980
[0139.161] CoTaskMemFree (pv=0x744ae8)
[0139.173] CoTaskMemAlloc (cb=0xd) returned 0x74d740
[0139.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a2414, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.173] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.174] CoTaskMemFree (pv=0x74d740)
[0139.174] CoTaskMemAlloc (cb=0x17) returned 0x744a88
[0139.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x23a244c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0139.174] GetProcAddress (hModule=0x75620000, lpProcName="WriteProcessMemory") returned 0x7564d9b0
[0139.174] CoTaskMemFree (pv=0x744a88)
[0139.185] CoTaskMemAlloc (cb=0xd) returned 0x74d728
[0139.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a2510, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.185] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.185] CoTaskMemFree (pv=0x74d728)
[0139.185] CoTaskMemAlloc (cb=0x16) returned 0x744ae8
[0139.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x23a2548, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0139.185] GetProcAddress (hModule=0x75620000, lpProcName="ReadProcessMemory") returned 0x7564cfa4
[0139.185] CoTaskMemFree (pv=0x744ae8)
[0139.197] CoTaskMemAlloc (cb=0xa) returned 0x74d740
[0139.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x23a2608, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0139.197] LoadLibraryA (lpLibFileName="ntdll") returned 0x77150000
[0139.197] CoTaskMemFree (pv=0x74d740)
[0139.197] CoTaskMemAlloc (cb=0x19) returned 0x747338
[0139.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x23a2634, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0139.198] GetProcAddress (hModule=0x77150000, lpProcName="ZwUnmapViewOfSection") returned 0x7716fc70
[0139.198] CoTaskMemFree (pv=0x747338)
[0139.207] CoTaskMemAlloc (cb=0xd) returned 0x74d740
[0139.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23a26fc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0139.207] LoadLibraryA (lpLibFileName="kernel32") returned 0x75620000
[0139.208] CoTaskMemFree (pv=0x74d740)
[0139.208] CoTaskMemAlloc (cb=0x13) returned 0x744ae8
[0139.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x23a2734, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0139.208] GetProcAddress (hModule=0x75620000, lpProcName="CreateProcessA") returned 0x75631072
[0139.208] CoTaskMemFree (pv=0x744ae8)
[0139.258] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x28dcec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0139.270] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="egucnpqep") returned 0x0
[0139.307] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="egucnpqep") returned 0x250
[0139.356] GetCurrentProcess () returned 0xffffffff
[0139.357] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e1d8 | out: TokenHandle=0x28e1d8*=0x268) returned 1
[0139.363] GetTokenInformation (in: TokenHandle=0x268, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28e1e4 | out: TokenInformation=0x0, ReturnLength=0x28e1e4) returned 0
[0139.364] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5d33878
[0139.364] GetTokenInformation (in: TokenHandle=0x268, TokenInformationClass=0x8, TokenInformation=0x5d33878, TokenInformationLength=0x4, ReturnLength=0x28e1e4 | out: TokenInformation=0x5d33878, ReturnLength=0x28e1e4) returned 1
[0139.383] LocalFree (hMem=0x5d33878) returned 0x0
[0139.385] DuplicateTokenEx (in: hExistingToken=0x268, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28e1ec | out: phNewToken=0x28e1ec*=0x26c) returned 1
[0139.385] CheckTokenMembership (in: TokenHandle=0x26c, SidToCheck=0x23a48b4*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28e1fc | out: IsMember=0x28e1fc) returned 1
[0139.385] CloseHandle (hObject=0x26c) returned 1
[0139.447] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x744928
[0139.447] LocalAlloc (uFlags=0x0, uBytes=0x104) returned 0x733ed0
[0139.454] ShellExecuteExW (in: pExecInfo=0x23be0b0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x23be0b0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3b8)) returned 1
[0149.076] LocalFree (hMem=0x744928) returned 0x0
[0149.076] LocalFree (hMem=0x733ed0) returned 0x0
[0149.081] CoTaskMemAlloc (cb=0x20c) returned 0x779c30
[0149.082] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x779c30 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0149.082] CoTaskMemFree (pv=0x779c30)
[0149.082] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x28dcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
# Analyst note: self-copy into the user profile.
# GetFileAttributesExW returns 0 for AppData\Roaming\zwLLFjVv.exe (target not present yet), then
# CopyFileW (bFailIfExists=1) copies the analysed sample there and returns 1.
# SetNamedSecurityInfoW at [0149.499] is logged without arguments and returns 0x2
# (ERROR_FILE_NOT_FOUND); it runs before the copy exists - presumably aimed at the same path, TODO confirm.
# SetFileAttributesW 0x2007 = READONLY (0x1) | HIDDEN (0x2) | SYSTEM (0x4) | NOT_CONTENT_INDEXED (0x2000).
# Triage: a hidden+system executable written directly under %APPDATA%\Roaming by a process that then
# references it in a scheduled task (see the schtasks.exe call later in this thread) is the persistence artefact to collect.
[0149.090] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0149.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28dfa4) returned 1
[0149.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe"), fInfoLevelId=0x0, lpFileInformation=0x28e268 | out: lpFileInformation=0x28e268*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0149.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28dfa0) returned 1
[0149.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0149.479] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dd28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0149.499] SetNamedSecurityInfoW () returned 0x2
[0149.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x28dd1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0149.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dd1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0149.906] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe"), bFailIfExists=1) returned 1
[0149.975] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0149.976] GetUserNameW (in: lpBuffer=0x28dfac, pcbBuffer=0x28e224 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x28e224) returned 1
[0149.994] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", dwFileAttributes=0x2007) returned 1
# Analyst note: account-name to SID translation.
# LsaOpenPolicy with DesiredAccess=0x800 (POLICY_LOOKUP_NAMES) followed by LsaLookupNames2 resolves the
# name "kEecfMwgj" (the value GetUserNameW returned just before) to a SID.
# The same open / lookup / close / free cycle is repeated eight more times below, after which
# SetNamedSecurityInfoW at [0150.111] returns 0x0.
# Presumably access-control entries for the dropped copy are being assembled; SetNamedSecurityInfoW is
# logged without arguments, so the resulting ACL cannot be read from this trace - inspect the DACL of
# the dropped file on the analysis image to confirm.
[0150.021] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.023] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.024] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.025] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.027] CoTaskMemFree (pv=0x744968)
[0150.027] CoTaskMemFree (pv=0x5d33878)
[0150.063] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.064] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.064] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.065] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.065] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.065] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.066] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.066] CoTaskMemFree (pv=0x744968)
[0150.066] CoTaskMemFree (pv=0x5d33878)
[0150.066] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.067] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.067] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.072] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e030, DesiredAccess=0x800, PolicyHandle=0x28dff0 | out: PolicyHandle=0x28dff0) returned 0x0
[0150.073] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.073] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.073] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e004, Sids=0x28dff8 | out: ReferencedDomains=0x28e004, Sids=0x28dff8) returned 0x0
[0150.074] CoTaskMemFree (pv=0x744968)
[0150.074] CoTaskMemFree (pv=0x5d33878)
[0150.074] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.074] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.074] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.075] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.075] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.075] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.076] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.076] CoTaskMemFree (pv=0x744968)
[0150.076] CoTaskMemFree (pv=0x5d33878)
[0150.076] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.077] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.077] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.079] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.102] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.102] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.102] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.102] CoTaskMemFree (pv=0x744968)
[0150.102] CoTaskMemFree (pv=0x5d33878)
[0150.103] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.103] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.103] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.104] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.104] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.104] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.104] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.105] CoTaskMemFree (pv=0x744968)
[0150.105] CoTaskMemFree (pv=0x5d33878)
[0150.105] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.105] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.105] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.106] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e030, DesiredAccess=0x800, PolicyHandle=0x28dff0 | out: PolicyHandle=0x28dff0) returned 0x0
[0150.106] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.106] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.106] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e004, Sids=0x28dff8 | out: ReferencedDomains=0x28e004, Sids=0x28dff8) returned 0x0
[0150.107] CoTaskMemFree (pv=0x744968)
[0150.107] CoTaskMemFree (pv=0x5d33878)
[0150.107] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.107] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.107] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.108] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.108] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.108] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.108] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.109] CoTaskMemFree (pv=0x744968)
[0150.109] CoTaskMemFree (pv=0x5d33878)
[0150.109] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.109] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.109] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.110] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e040, DesiredAccess=0x800, PolicyHandle=0x28e000 | out: PolicyHandle=0x28e000) returned 0x0
[0150.110] CoTaskMemAlloc (cb=0x8) returned 0x5d33878
[0150.110] CoTaskMemAlloc (cb=0x14) returned 0x744968
[0150.110] LsaLookupNames2 (in: PolicyHandle=0x744ac8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x28e014, Sids=0x28e008 | out: ReferencedDomains=0x28e014, Sids=0x28e008) returned 0x0
[0150.111] CoTaskMemFree (pv=0x744968)
[0150.111] CoTaskMemFree (pv=0x5d33878)
[0150.111] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.111] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.111] LsaFreeMemory (Buffer=0x6fd3f0) returned 0x0
[0150.111] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", nBufferLength=0x105, lpBuffer=0x28dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe", lpFilePart=0x0) returned 0x2f
[0150.111] SetNamedSecurityInfoW () returned 0x0
# Analyst note: group-membership check, then a Microsoft Defender exclusion (ATT&CK T1562.001).
# The process token is queried (TokenInformationClass=0x8, TokenType), duplicated as an impersonation
# token (ImpersonationLevel=0x2, TokenType=0x2) and passed to CheckTokenMembership against a SID under
# authority 5 with first sub-authority 0x20 (BUILTIN domain); the second sub-authority is logged as 0x0,
# so the exact group cannot be read from this record - presumably an Administrators check, TODO confirm.
# ShellExecuteExW then starts "powershell" with nShow=0 (hidden window) and the parameters
#   Add-MpPreference -ExclusionPath "<path of the dropped copy>"
# which asks Defender to stop scanning the file copied to AppData\Roaming earlier in this thread.
# The call returns 1 with hProcess=0x3cc; whether the exclusion was actually applied is not visible here.
# Detection: process-creation telemetry for powershell with "Add-MpPreference -ExclusionPath" spawned by a
# non-administrative tool, PowerShell script-block logging (event 4104), and Defender configuration-change
# event 5007 in the Windows Defender operational log. Review existing exclusions with Get-MpPreference.
[0150.135] GetCurrentProcess () returned 0xffffffff
[0150.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e148 | out: TokenHandle=0x28e148*=0x388) returned 1
[0150.136] GetTokenInformation (in: TokenHandle=0x388, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28e154 | out: TokenInformation=0x0, ReturnLength=0x28e154) returned 0
[0150.137] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5d33878
[0150.137] GetTokenInformation (in: TokenHandle=0x388, TokenInformationClass=0x8, TokenInformation=0x5d33878, TokenInformationLength=0x4, ReturnLength=0x28e154 | out: TokenInformation=0x5d33878, ReturnLength=0x28e154) returned 1
[0150.137] LocalFree (hMem=0x5d33878) returned 0x0
[0150.137] DuplicateTokenEx (in: hExistingToken=0x388, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28e15c | out: phNewToken=0x28e15c*=0x278) returned 1
[0150.137] CheckTokenMembership (in: TokenHandle=0x278, SidToCheck=0x23c779c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28e16c | out: IsMember=0x28e16c) returned 1
[0150.137] CloseHandle (hObject=0x278) returned 1
[0150.138] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x744ac8
[0150.138] LocalAlloc (uFlags=0x0, uBytes=0xa4) returned 0x7315f0
[0150.138] ShellExecuteExW (in: pExecInfo=0x23c7a98*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x23c7a98*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3cc)) returned 1
[0150.267] LocalFree (hMem=0x744ac8) returned 0x0
[0150.268] LocalFree (hMem=0x7315f0) returned 0x0
# Analyst note: current-user lookup.
# GetTokenInformation with TokenInformationClass=0x1 (TokenUser) reads the user SID from the process
# token, and LsaLookupSids resolves that SID back to an account name.
# The SID is logged with authority 5 and sub-authorities 0x15, 0x0, 0x0, 0x0, 0x2f; the zeroed domain
# part is as recorded by the analyzer and should not be reused as an indicator.
# Presumably the resolved account is used in the task definition written next - TODO confirm from the
# task XML, which this trace does not show.
[0150.271] GetCurrentProcess () returned 0xffffffff
[0150.271] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e194 | out: TokenHandle=0x28e194*=0x278) returned 1
[0150.271] GetCurrentProcess () returned 0xffffffff
[0150.272] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e174 | out: TokenHandle=0x28e174*=0x364) returned 1
[0150.273] GetTokenInformation (in: TokenHandle=0x278, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28e1a8 | out: TokenInformation=0x0, ReturnLength=0x28e1a8) returned 0
[0150.273] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x752808
[0150.273] GetTokenInformation (in: TokenHandle=0x278, TokenInformationClass=0x1, TokenInformation=0x752808, TokenInformationLength=0x24, ReturnLength=0x28e1a8 | out: TokenInformation=0x752808, ReturnLength=0x28e1a8) returned 1
[0150.274] LocalFree (hMem=0x752808) returned 0x0
[0150.274] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x28e0d0, DesiredAccess=0x800, PolicyHandle=0x28e090 | out: PolicyHandle=0x28e090) returned 0x0
[0150.276] LsaLookupSids (in: PolicyHandle=0x744ac8, Count=0x1, Sids=0x23c7d6c*=0x23c7d10*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), ReferencedDomains=0x28e0ac, Names=0x28e0a0 | out: ReferencedDomains=0x28e0ac, Names=0x28e0a0) returned 0x0
[0150.278] LsaClose (ObjectHandle=0x744ac8) returned 0x0
[0150.278] LsaFreeMemory (Buffer=0x746770) returned 0x0
[0150.278] LsaFreeMemory (Buffer=0x752808) returned 0x0
[0150.279] CloseHandle (hObject=0x364) returned 1
# Analyst note: scheduled-task persistence via a throw-away XML definition (ATT&CK T1053.005).
# 1. GetTempFileNameW reserves %TEMP%\tmp9370.tmp; CreateFileW opens it for write
#    (dwDesiredAccess=0x40000000 GENERIC_WRITE, dwCreationDisposition=0x2 CREATE_ALWAYS) and WriteFile
#    stores 0x63c bytes. The buffer content is not captured in this log.
# 2. ShellExecuteExW runs schtasks.exe hidden (nShow=0) with
#      /Create /TN "Updates\zwLLFjVv" /XML "<the temp file>"
#    The task name reuses the file name of the copy dropped in AppData\Roaming; presumably the XML
#    points the task action at that copy - confirm from the registered task.
# 3. The process handle is duplicated and waited on with dwTimeout=0xffffffff (no timeout); the wait
#    ends about 3.3 s later ([0150.366] -> [0153.642]) and DeleteFileW removes the XML.
# Because the XML is deleted, recover the definition from the Task Scheduler store rather than from
# %TEMP%. Detection: schtasks.exe /Create with /XML pointing into a user temp directory, Security
# event 4698 (scheduled task created) and TaskScheduler operational event 106 (task registered).
[0150.283] CoTaskMemAlloc (cb=0x20c) returned 0x779c30
[0150.283] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x779c30 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0150.283] CoTaskMemFree (pv=0x779c30)
[0150.283] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x28dcbc, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0150.284] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x28dcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0150.284] CoTaskMemAlloc (cb=0x20c) returned 0x779c30
[0150.284] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x779c30 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9370.tmp")) returned 0x9370
[0150.286] CoTaskMemFree (pv=0x779c30)
[0150.291] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", nBufferLength=0x105, lpBuffer=0x28db84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", lpFilePart=0x0) returned 0x31
[0150.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e09c) returned 1
[0150.291] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9370.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x364
[0150.292] GetFileType (hFile=0x364) returned 0x1
[0150.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e098) returned 1
[0150.292] GetFileType (hFile=0x364) returned 0x1
[0150.294] WriteFile (in: hFile=0x364, lpBuffer=0x23cbc10*, nNumberOfBytesToWrite=0x63c, lpNumberOfBytesWritten=0x28e128, lpOverlapped=0x0 | out: lpBuffer=0x23cbc10*, lpNumberOfBytesWritten=0x28e128*=0x63c, lpOverlapped=0x0) returned 1
[0150.295] CloseHandle (hObject=0x364) returned 1
[0150.296] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x7a0b30
[0150.296] LocalAlloc (uFlags=0x0, uBytes=0xb0) returned 0x737830
[0150.296] ShellExecuteExW (in: pExecInfo=0x23cceac*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\zwLLFjVv\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x23cceac*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\zwLLFjVv\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x384)) returned 1
[0150.359] LocalFree (hMem=0x7a0b30) returned 0x0
[0150.360] LocalFree (hMem=0x737830) returned 0x0
[0150.364] GetCurrentProcess () returned 0xffffffff
[0150.364] GetCurrentProcess () returned 0xffffffff
[0150.365] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28e188, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28e188*=0x3c8) returned 1
[0150.366] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x28e180*=0x3c8, lpdwindex=0x28dfa4 | out: lpdwindex=0x28dfa4) returned 0x0
[0153.642] CloseHandle (hObject=0x3c8) returned 1
[0153.642] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", nBufferLength=0x105, lpBuffer=0x28dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", lpFilePart=0x0) returned 0x31
[0153.642] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9370.tmp")) returned 1
# Analyst note: a second instance of the sample is started suspended.
# CreateFileMappingW with hFile=0xffffffff creates a pagefile-backed section (flProtect=0x4,
# PAGE_READWRITE) of 0x36600 bytes and memcpy fills 0x36600 bytes at 0x4b30000; what the buffer holds is
# not captured - possibly a staged payload, TODO confirm from a memory dump.
# CreateProcessA launches the sample's own on-disk image with an empty command line and
# dwCreationFlags=0x8000004 = CREATE_NO_WINDOW (0x08000000) | CREATE_SUSPENDED (0x4), returning
# hProcess=0x278 / hThread=0x268 (pid 0x8b8, tid 0xa20). These two handles are the targets of the
# remote memory and thread-context calls that follow in this thread.
# The non-text bytes in the second WideCharToMultiByte record are stale output-buffer content (the call
# converts an empty string and returns 0), not an indicator.
[0154.315] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x36600, lpName=0x0) returned 0x268
[0154.316] memcpy (in: _Dst=0x4b30000, _Src=0x33cc2e8, _Size=0x36600 | out: _Dst=0x4b30000) returned 0x4b30000
[0154.319] CloseHandle (hObject=0x268) returned 1
[0154.429] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x28dc34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0154.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x28d6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0154.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", cchWideChar=95, lpMultiByteStr=0x28def4, cbMultiByte=97, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpUsedDefaultChar=0x0) returned 95
[0154.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x28def0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="¼â%\x02C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpUsedDefaultChar=0x0) returned 0
[0154.675] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x28dfb4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e1b8 | out: lpCommandLine="", lpProcessInformation=0x28e1b8*(hProcess=0x278, hThread=0x268, dwProcessId=0x8b8, dwThreadId=0xa20)) returned 1
[0154.728] CoTaskMemFree (pv=0x0)
[0154.777] GetThreadContext (in: hThread=0x268, lpContext=0x2380390 | out: lpContext=0x2380390*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x37990e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, 
[62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, 
[247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, 
[428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
# Analyst note: image replacement in the suspended child (hProcess=0x278) - together with the
# CREATE_SUSPENDED launch before it and the SetThreadContext / ResumeThread calls after it, this
# sequence matches process hollowing (ATT&CK T1055.012).
# - ReadProcessMemory reads 4 bytes at 0x7efde008, i.e. offset 8 from the Ebx value 0x7efde000 reported
#   by GetThreadContext. On a freshly created 32-bit process Ebx holds the PEB address and PEB+8 is the
#   image base field, so this presumably reads the child's current image base.
# - VirtualAllocEx reserves and commits (flAllocationType=0x3000) 0x3a000 bytes at 0x400000 with
#   flProtect=0x40 (PAGE_EXECUTE_READWRITE). No unmap call is visible in this part of the log.
# - Four WriteProcessMemory calls lay out an image: 0x200 bytes at 0x400000 (header-sized), then
#   0x33e00 / 0x600 / 0x200 bytes at 0x402000 / 0x436000 / 0x438000.
# - The last WriteProcessMemory writes 4 bytes back to 0x7efde008, presumably patching the PEB image base.
# The thread context is then set with Eax changed from 0x37990e to 0x435cce, which lies inside the
# 0x402000 + 0x33e00 range written here.
# Detection: RWX remote allocation followed by cross-process writes into a just-created suspended child,
# and a mismatch between the child's in-memory image and its file on disk. For payload recovery, dump
# the child (pid 0x8b8) region 0x400000-0x439fff after the writes complete.
[0154.778] ReadProcessMemory (in: hProcess=0x278, lpBaseAddress=0x7efde008, lpBuffer=0x28e248, nSize=0x4, lpNumberOfBytesRead=0x28e280 | out: lpBuffer=0x28e248*, lpNumberOfBytesRead=0x28e280*=0x4) returned 1
[0154.781] VirtualAllocEx (hProcess=0x278, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0154.783] WriteProcessMemory (in: hProcess=0x278, lpBaseAddress=0x400000, lpBuffer=0x3437128*, nSize=0x200, lpNumberOfBytesWritten=0x28e280 | out: lpBuffer=0x3437128*, lpNumberOfBytesWritten=0x28e280*=0x200) returned 1
[0154.790] WriteProcessMemory (in: hProcess=0x278, lpBaseAddress=0x402000, lpBuffer=0x346b948*, nSize=0x33e00, lpNumberOfBytesWritten=0x28e280 | out: lpBuffer=0x346b948*, lpNumberOfBytesWritten=0x28e280*=0x33e00) returned 1
[0154.853] WriteProcessMemory (in: hProcess=0x278, lpBaseAddress=0x436000, lpBuffer=0x2380668*, nSize=0x600, lpNumberOfBytesWritten=0x28e280 | out: lpBuffer=0x2380668*, lpNumberOfBytesWritten=0x28e280*=0x600) returned 1
[0154.860] WriteProcessMemory (in: hProcess=0x278, lpBaseAddress=0x438000, lpBuffer=0x2380c74*, nSize=0x200, lpNumberOfBytesWritten=0x28e280 | out: lpBuffer=0x2380c74*, lpNumberOfBytesWritten=0x28e280*=0x200) returned 1
[0154.867] WriteProcessMemory (in: hProcess=0x278, lpBaseAddress=0x7efde008, lpBuffer=0x2380e80*, nSize=0x4, lpNumberOfBytesWritten=0x28e280 | out: lpBuffer=0x2380e80*, lpNumberOfBytesWritten=0x28e280*=0x4) returned 1
[0154.868] SetThreadContext (hThread=0x268, lpContext=0x2380390*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x435cce, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0154.868] ResumeThread (hThread=0x268) returned 0x1
[0155.386] CoGetContextToken (in: pToken=0x28e630 | out: pToken=0x28e630) returned 0x0
[0155.386] CObjectContext::QueryInterface () returned 0x0
[0155.386] CObjectContext::GetCurrentThreadType () returned 0x0
[0155.386] Release () returned 0x0
[0155.388] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x6d4180*=0xac, lpdwindex=0x28e4dc | out: lpdwindex=0x28e4dc) returned 0x0
Thread:
id = 2
os_tid = 0x9d8
Thread:
id = 3
os_tid = 0x9dc
[0067.215] CoGetContextToken (in: pToken=0x1fef65c | out: pToken=0x1fef65c) returned 0x800401f0
[0067.215] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0154.199] CloseHandle (hObject=0x388) returned 1
[0154.199] CloseHandle (hObject=0x3cc) returned 1
[0154.201] CloseHandle (hObject=0x3b8) returned 1
[0154.202] CloseHandle (hObject=0x384) returned 1
[0154.203] CloseHandle (hObject=0x278) returned 1
[0154.203] CloseHandle (hObject=0x268) returned 1
[0155.435] SetWindowLongW (hWnd=0xa0066, nIndex=-4, dwNewLong=1998071261) returned 4327678
[0155.437] SetClassLongW (hWnd=0xa0066, nIndex=-24, dwNewLong=1998071261) returned 0x4208d6
[0155.438] PostMessageW (hWnd=0xa0066, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0155.439] GetModuleHandleW (lpModuleName=0x0) returned 0x2c0000
[0155.439] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x2c0000) returned 0
[0155.443] IsWindow (hWnd=0x50070) returned 1
[0155.444] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74f70000
[0155.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x1fef3dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW`oÒB\x80$DþÊq\\öþ\x01\x01", lpUsedDefaultChar=0x0) returned 14
[0155.445] GetProcAddress (hModule=0x74f70000, lpProcName="DefWindowProcW") returned 0x771825dd
[0155.446] SetWindowLongW (hWnd=0x50070, nIndex=-4, dwNewLong=1998071261) returned 4327758
[0155.446] SetClassLongW (hWnd=0x50070, nIndex=-24, dwNewLong=1998071261) returned 0x42094e
[0155.446] IsWindow (hWnd=0x50070) returned 1
[0155.447] DestroyWindow (hWnd=0x50070) returned 0
[0155.447] PostMessageW (hWnd=0x50070, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0155.447] SetConsoleCtrlHandler (HandlerRoutine=0x420926, Add=0) returned 1
[0155.448] EtwEventUnregister () returned 0x0
[0155.471] GdipDeleteFont (font=0x7440ee0) returned 0x0
[0155.471] GdipDeleteFont (font=0x7440eb8) returned 0x0
[0155.472] GdipDeleteFont (font=0x7440e90) returned 0x0
[0155.499] GdipDeleteFont (font=0x7440e68) returned 0x0
[0155.500] GdipDisposeImage (image=0x75cb6d0) returned 0x0
[0155.507] CloseHandle (hObject=0x40) returned 1
[0155.509] DeleteObject (ho=0x170a071a) returned 1
[0155.545] DeleteDC (hdc=0x14010b5d) returned 1
[0155.548] DeleteObject (ho=0x2c0a018b) returned 1
[0155.549] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0
[0155.552] CloseHandle (hObject=0x250) returned 1
[0155.553] RegCloseKey (hKey=0x80000004) returned 0x0
Thread:
id = 4
os_tid = 0x9e0
Thread:
id = 5
os_tid = 0xa2c
Thread:
id = 6
os_tid = 0xa38
Thread:
id = 7
os_tid = 0xa3c
Thread:
id = 8
os_tid = 0xa68
[0139.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0139.391] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x7f5effc | out: lpLuid=0x7f5effc*(LowPart=0x14, HighPart=0)) returned 1
[0139.396] GetCurrentProcess () returned 0xffffffff
[0139.397] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x7f5eff8 | out: TokenHandle=0x7f5eff8*=0x278) returned 1
[0139.397] AdjustTokenPrivileges (in: TokenHandle=0x278, DisableAllPrivileges=0, NewState=0x23a4b4c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0139.398] CloseHandle (hObject=0x278) returned 1
[0139.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3561c30, Length=0x20000, ResultLength=0x7f5f6e0 | out: SystemInformation=0x3561c30, ResultLength=0x7f5f6e0*=0xc288) returned 0x0
[0151.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3561c30, Length=0x20000, ResultLength=0x7f5f6e0 | out: SystemInformation=0x3561c30, ResultLength=0x7f5f6e0*=0xc980) returned 0x0
[0153.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3561c30, Length=0x20000, ResultLength=0x7f5f6e0 | out: SystemInformation=0x3561c30, ResultLength=0x7f5f6e0*=0xc858) returned 0x0
Thread:
id = 9
os_tid = 0xab0
Thread:
id = 11
os_tid = 0xb60
Thread:
id = 15
os_tid = 0x87c
Thread:
id = 23
os_tid = 0x820
[0155.139] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0155.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3561c30, Length=0x20000, ResultLength=0x7e2f060 | out: SystemInformation=0x3561c30, ResultLength=0x7e2f060*=0xca20) returned 0x0
Thread:
id = 24
os_tid = 0x9a0
Process:
id = "2"
image_name = "powershell.exe"
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x3e0e4000"
os_pid = "0xab8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9d0"
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1476
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1477
start_va = 0x30000
end_va = 0x9afff
monitored = 0
entry_point = 0x3d330
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1478
start_va = 0xa0000
end_va = 0xa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1479
start_va = 0xb0000
end_va = 0xb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1480
start_va = 0xc0000
end_va = 0xc3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1481
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1482
start_va = 0x110000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1483
start_va = 0x2a0000
end_va = 0x2dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 1484
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1485
start_va = 0x77150000
end_va = 0x772cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1486
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1487
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1488
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1489
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1490
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1491
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1492
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1493
start_va = 0x2e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 1494
start_va = 0x74a40000
end_va = 0x74a7efff
monitored = 0
entry_point = 0x74a6e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1495
start_va = 0x749e0000
end_va = 0x74a3bfff
monitored = 0
entry_point = 0x74a1f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1496
start_va = 0x749d0000
end_va = 0x749d7fff
monitored = 0
entry_point = 0x749d20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1497
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1498
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1499
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1500
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076e50000"
filename = ""
Region:
id = 1501
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1502
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d50000"
filename = ""
Region:
id = 1503
start_va = 0x4f0000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1504
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1505
start_va = 0x74dc0000
end_va = 0x74e06fff
monitored = 0
entry_point = 0x74dc74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1506
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1507
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1508
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1509
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1510
start_va = 0x150000
end_va = 0x1b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1511
start_va = 0x767e0000
end_va = 0x7687ffff
monitored = 0
entry_point = 0x767f49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1512
start_va = 0x752c0000
end_va = 0x7536bfff
monitored = 0
entry_point = 0x752ca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1513
start_va = 0x74e10000
end_va = 0x74e28fff
monitored = 0
entry_point = 0x74e14975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1514
start_va = 0x76450000
end_va = 0x7653ffff
monitored = 0
entry_point = 0x76460569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1515
start_va = 0x74ca0000
end_va = 0x74cfffff
monitored = 0
entry_point = 0x74cba3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1516
start_va = 0x74c90000
end_va = 0x74c9bfff
monitored = 0
entry_point = 0x74c910e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1517
start_va = 0x71330000
end_va = 0x71343fff
monitored = 0
entry_point = 0x71331da9
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 1519
start_va = 0x74f70000
end_va = 0x7506ffff
monitored = 0
entry_point = 0x74f8b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1520
start_va = 0x76ae0000
end_va = 0x76b6ffff
monitored = 0
entry_point = 0x76af6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1521
start_va = 0x77120000
end_va = 0x77129fff
monitored = 0
entry_point = 0x771236a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1522
start_va = 0x76740000
end_va = 0x767dcfff
monitored = 0
entry_point = 0x76773fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1523
start_va = 0x75370000
end_va = 0x754cbfff
monitored = 0
entry_point = 0x753bba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1524
start_va = 0x76a50000
end_va = 0x76adefff
monitored = 0
entry_point = 0x76a53fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1525
start_va = 0x74b40000
end_va = 0x74b89fff
monitored = 1
entry_point = 0x74b42e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1526
start_va = 0x780000
end_va = 0x94ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 1527
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1528
start_va = 0x2e0000
end_va = 0x467fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 1529
start_va = 0x470000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 1530
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1531
start_va = 0x769f0000
end_va = 0x76a4ffff
monitored = 0
entry_point = 0x76a0158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1532
start_va = 0x76380000
end_va = 0x7644bfff
monitored = 0
entry_point = 0x7638168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1533
start_va = 0x4f0000
end_va = 0x670fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 1534
start_va = 0x680000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1535
start_va = 0x950000
end_va = 0x1d4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000950000"
filename = ""
Region:
id = 1536
start_va = 0xa0000
end_va = 0xa2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1537
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1538
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1539
start_va = 0x780000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 1540
start_va = 0x940000
end_va = 0x94ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1545
start_va = 0x1d50000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d50000"
filename = ""
Region:
id = 1574
start_va = 0x74ab0000
end_va = 0x74b3cfff
monitored = 1
entry_point = 0x74ac2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1575
start_va = 0x72d00000
end_va = 0x72d02fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1581
start_va = 0x76540000
end_va = 0x76596fff
monitored = 0
entry_point = 0x76559ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1582
start_va = 0x73ca0000
end_va = 0x73ca8fff
monitored = 0
entry_point = 0x73ca1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1583
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1584
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1585
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1603
start_va = 0x74a90000
end_va = 0x74aa3fff
monitored = 0
entry_point = 0x74a9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 1604
start_va = 0x71bf0000
end_va = 0x71c9afff
monitored = 0
entry_point = 0x71c85f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 1622
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1623
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 1624
start_va = 0x1d0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1625
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1626
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1627
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1628
start_va = 0x210000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1629
start_va = 0x220000
end_va = 0x220fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 1630
start_va = 0x230000
end_va = 0x230fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 1631
start_va = 0x240000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1632
start_va = 0x780000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 1633
start_va = 0x930000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 1634
start_va = 0x810000
end_va = 0x84ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 1635
start_va = 0x870000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 1636
start_va = 0x1e10000
end_va = 0x1e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 1637
start_va = 0x1f20000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f20000"
filename = ""
Region:
id = 1638
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1656
start_va = 0x240000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1657
start_va = 0x260000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1686
start_va = 0x1f60000
end_va = 0x3f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 1699
start_va = 0x240000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1700
start_va = 0x1d70000
end_va = 0x1daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d70000"
filename = ""
Region:
id = 1701
start_va = 0x1ee0000
end_va = 0x1f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 1702
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1714
start_va = 0x3f90000
end_va = 0x3fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f90000"
filename = ""
Region:
id = 1715
start_va = 0x4040000
end_va = 0x407ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004040000"
filename = ""
Region:
id = 1716
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1757
start_va = 0x4080000
end_va = 0x434efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1758
start_va = 0x6fe30000
end_va = 0x7123afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 1759
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 1760
start_va = 0x4350000
end_va = 0x447ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004350000"
filename = ""
Region:
id = 1763
start_va = 0x790000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 1793
start_va = 0x6f3d0000
end_va = 0x6fe24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 1847
start_va = 0x6dd40000
end_va = 0x6e557fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 1901
start_va = 0x712a0000
end_va = 0x7132efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\731848746c032af3ce33577b793c9b9c\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\731848746c032af3ce33577b793c9b9c\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1903
start_va = 0x73a70000
end_va = 0x73a86fff
monitored = 0
entry_point = 0x73a73573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1904
start_va = 0x7a0000
end_va = 0x7dbfff
monitored = 0
entry_point = 0x7a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1905
start_va = 0x7a0000
end_va = 0x7dbfff
monitored = 0
entry_point = 0x7a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1906
start_va = 0x7a0000
end_va = 0x7dbfff
monitored = 0
entry_point = 0x7a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1907
start_va = 0x7a0000
end_va = 0x7dbfff
monitored = 0
entry_point = 0x7a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1908
start_va = 0x7a0000
end_va = 0x7dbfff
monitored = 0
entry_point = 0x7a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1912
start_va = 0x73a30000
end_va = 0x73a6afff
monitored = 0
entry_point = 0x73a3128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1984
start_va = 0x6b3e0000
end_va = 0x6cec2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\system.management.automation.ni.dll")
Region:
id = 2331
start_va = 0x7a0000
end_va = 0x801fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 2332
start_va = 0x1dd0000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 2333
start_va = 0x4390000
end_va = 0x43cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004390000"
filename = ""
Region:
id = 2334
start_va = 0x43f0000
end_va = 0x442ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043f0000"
filename = ""
Region:
id = 2335
start_va = 0x4440000
end_va = 0x447ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004440000"
filename = ""
Region:
id = 2336
start_va = 0x4480000
end_va = 0x44bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004480000"
filename = ""
Region:
id = 2337
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 2338
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 2349
start_va = 0x71980000
end_va = 0x71992fff
monitored = 1
entry_point = 0x7198d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 2350
start_va = 0x44c0000
end_va = 0x4791fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 2353
start_va = 0x6acd0000
end_va = 0x6b3dbfff
monitored = 1
entry_point = 0x6b2ef392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2355
start_va = 0x6acd0000
end_va = 0x6b3dbfff
monitored = 1
entry_point = 0x6b2ef392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2356
start_va = 0x47a0000
end_va = 0x485ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 2359
start_va = 0x754e0000
end_va = 0x754e4fff
monitored = 0
entry_point = 0x754e1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 2360
start_va = 0x6acd0000
end_va = 0x6b3dbfff
monitored = 1
entry_point = 0x6b2ef392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2361
start_va = 0x6a5c0000
end_va = 0x6accbfff
monitored = 1
entry_point = 0x6abdf392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2469
start_va = 0x8e0000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 2470
start_va = 0x48d0000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048d0000"
filename = ""
Region:
id = 2471
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 2478
start_va = 0x75730000
end_va = 0x76379fff
monitored = 0
entry_point = 0x757b1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 2479
start_va = 0x850000
end_va = 0x850fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 2482
start_va = 0x76c70000
end_va = 0x76c9efff
monitored = 0
entry_point = 0x76c72a35
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 2485
start_va = 0x49d0000
end_va = 0x4a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 2486
start_va = 0x4a60000
end_va = 0x4a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 2487
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 2491
start_va = 0x754f0000
end_va = 0x75610fff
monitored = 0
entry_point = 0x754f158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 2492
start_va = 0x74d50000
end_va = 0x74d5bfff
monitored = 0
entry_point = 0x74d5238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 2495
start_va = 0x1ea0000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 2496
start_va = 0x4ad0000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 2497
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 2506
start_va = 0x860000
end_va = 0x867fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 2507
start_va = 0x4890000
end_va = 0x48cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004890000"
filename = ""
Region:
id = 2508
start_va = 0x4920000
end_va = 0x495ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004920000"
filename = ""
Region:
id = 2509
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 2515
start_va = 0x713e0000
end_va = 0x713e7fff
monitored = 0
entry_point = 0x713e3bf5
region_type = mapped_file
name = "msisip.dll"
filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll")
Region:
id = 2523
start_va = 0x4b10000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b10000"
filename = ""
Region:
id = 2524
start_va = 0x8b0000
end_va = 0x8b7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 2525
start_va = 0x4b10000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b10000"
filename = ""
Region:
id = 2526
start_va = 0x4400000
end_va = 0x443ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 2527
start_va = 0x4990000
end_va = 0x49cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004990000"
filename = ""
Region:
id = 2528
start_va = 0x713c0000
end_va = 0x713d5fff
monitored = 0
entry_point = 0x713c13df
region_type = mapped_file
name = "wshext.dll"
filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll")
Region:
id = 2529
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 2533
start_va = 0x6ebc0000
end_va = 0x6ec43fff
monitored = 0
entry_point = 0x6ebc19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2534
start_va = 0x8b0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 2535
start_va = 0x713b0000
end_va = 0x713b9fff
monitored = 0
entry_point = 0x713b4ab0
region_type = mapped_file
name = "pwrshsip.dll"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\pwrshsip.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\pwrshsip.dll")
Region:
id = 2536
start_va = 0x4b10000
end_va = 0x4c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 2544
start_va = 0x4ce0000
end_va = 0x4d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 2545
start_va = 0x4d30000
end_va = 0x4d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d30000"
filename = ""
Region:
id = 2546
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 2629
start_va = 0x860000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 2640
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2641
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2642
start_va = 0x8d0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2647
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2648
start_va = 0x8d0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2655
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2656
start_va = 0x8b0000
end_va = 0x8b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2657
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2658
start_va = 0x8b0000
end_va = 0x8b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2659
start_va = 0x8b0000
end_va = 0x8b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2660
start_va = 0x8b0000
end_va = 0x8b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2665
start_va = 0x4380000
end_va = 0x43bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004380000"
filename = ""
Region:
id = 2666
start_va = 0x4c90000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 2667
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 2669
start_va = 0x4ce0000
end_va = 0x4d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 2670
start_va = 0x4db0000
end_va = 0x4deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004db0000"
filename = ""
Region:
id = 2671
start_va = 0x4e40000
end_va = 0x4e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e40000"
filename = ""
Region:
id = 2672
start_va = 0x4f10000
end_va = 0x4f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f10000"
filename = ""
Region:
id = 2673
start_va = 0x7ef92000
end_va = 0x7ef94fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef92000"
filename = ""
Region:
id = 2674
start_va = 0x7ef95000
end_va = 0x7ef97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef95000"
filename = ""
Thread:
id = 10
os_tid = 0xabc
Thread:
id = 14
os_tid = 0xa8c
Thread:
id = 16
os_tid = 0x9f8
Thread:
id = 17
os_tid = 0x894
Thread:
id = 82
os_tid = 0x9ac
Thread:
id = 83
os_tid = 0x218
Thread:
id = 92
os_tid = 0xb48
Thread:
id = 94
os_tid = 0x5e8
Thread:
id = 96
os_tid = 0x9e4
Thread:
id = 98
os_tid = 0x8c4
Thread:
id = 101
os_tid = 0x8c0
Thread:
id = 103
os_tid = 0x9c8
Thread:
id = 107
os_tid = 0x9bc
Thread:
id = 109
os_tid = 0x9b4
Thread:
id = 110
os_tid = 0x9b0
Process:
id = "3"
image_name = "powershell.exe"
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x3cdda000"
os_pid = "0xb64"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9d0"
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1546
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1547
start_va = 0x30000
end_va = 0x9afff
monitored = 0
entry_point = 0x3d330
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1548
start_va = 0xa0000
end_va = 0xa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1549
start_va = 0xb0000
end_va = 0xb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1550
start_va = 0xc0000
end_va = 0xc3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1551
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1552
start_va = 0x130000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 1553
start_va = 0x200000
end_va = 0x23ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1554
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1555
start_va = 0x77150000
end_va = 0x772cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1556
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1557
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1558
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1559
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1560
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1561
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1562
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1563
start_va = 0x240000
end_va = 0x34ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1564
start_va = 0x74a40000
end_va = 0x74a7efff
monitored = 0
entry_point = 0x74a6e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1565
start_va = 0x749e0000
end_va = 0x74a3bfff
monitored = 0
entry_point = 0x74a1f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1566
start_va = 0x749d0000
end_va = 0x749d7fff
monitored = 0
entry_point = 0x749d20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1567
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1568
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1569
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1570
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076e50000"
filename = ""
Region:
id = 1571
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1572
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d50000"
filename = ""
Region:
id = 1573
start_va = 0x350000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 1576
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1577
start_va = 0x74dc0000
end_va = 0x74e06fff
monitored = 0
entry_point = 0x74dc74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1578
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1579
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1580
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1639
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1640
start_va = 0x170000
end_va = 0x1d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1641
start_va = 0x767e0000
end_va = 0x7687ffff
monitored = 0
entry_point = 0x767f49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1642
start_va = 0x752c0000
end_va = 0x7536bfff
monitored = 0
entry_point = 0x752ca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1643
start_va = 0x74e10000
end_va = 0x74e28fff
monitored = 0
entry_point = 0x74e14975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1644
start_va = 0x76450000
end_va = 0x7653ffff
monitored = 0
entry_point = 0x76460569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1645
start_va = 0x74ca0000
end_va = 0x74cfffff
monitored = 0
entry_point = 0x74cba3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1646
start_va = 0x74c90000
end_va = 0x74c9bfff
monitored = 0
entry_point = 0x74c910e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1647
start_va = 0x71330000
end_va = 0x71343fff
monitored = 0
entry_point = 0x71331da9
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 1648
start_va = 0x74f70000
end_va = 0x7506ffff
monitored = 0
entry_point = 0x74f8b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1649
start_va = 0x76ae0000
end_va = 0x76b6ffff
monitored = 0
entry_point = 0x76af6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1650
start_va = 0x77120000
end_va = 0x77129fff
monitored = 0
entry_point = 0x771236a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1651
start_va = 0x76740000
end_va = 0x767dcfff
monitored = 0
entry_point = 0x76773fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1652
start_va = 0x75370000
end_va = 0x754cbfff
monitored = 0
entry_point = 0x753bba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1653
start_va = 0x76a50000
end_va = 0x76adefff
monitored = 0
entry_point = 0x76a53fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1654
start_va = 0x74b40000
end_va = 0x74b89fff
monitored = 1
entry_point = 0x74b42e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1655
start_va = 0x4e0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1658
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1659
start_va = 0x4e0000
end_va = 0x667fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 1660
start_va = 0x6d0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 1661
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1662
start_va = 0x769f0000
end_va = 0x76a4ffff
monitored = 0
entry_point = 0x76a0158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1663
start_va = 0x76380000
end_va = 0x7644bfff
monitored = 0
entry_point = 0x7638168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1664
start_va = 0x6e0000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 1665
start_va = 0x870000
end_va = 0x1c6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000870000"
filename = ""
Region:
id = 1666
start_va = 0xa0000
end_va = 0xa2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1667
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1668
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1669
start_va = 0x1c70000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 1687
start_va = 0x1c70000
end_va = 0x1d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 1688
start_va = 0x1e00000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 1703
start_va = 0x74ab0000
end_va = 0x74b3cfff
monitored = 1
entry_point = 0x74ac2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1704
start_va = 0x72d00000
end_va = 0x72d02fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1705
start_va = 0x76540000
end_va = 0x76596fff
monitored = 0
entry_point = 0x76559ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1706
start_va = 0x73ca0000
end_va = 0x73ca8fff
monitored = 0
entry_point = 0x73ca1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1707
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1708
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1709
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1717
start_va = 0x74a90000
end_va = 0x74aa3fff
monitored = 0
entry_point = 0x74a9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 1718
start_va = 0x71bf0000
end_va = 0x71c9afff
monitored = 0
entry_point = 0x71c85f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 1721
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1722
start_va = 0x110000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1723
start_va = 0x120000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 1724
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1725
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1726
start_va = 0x240000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1727
start_va = 0x2d0000
end_va = 0x34ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 1729
start_va = 0x250000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 1730
start_va = 0x260000
end_va = 0x260fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1731
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 1732
start_va = 0x1e10000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 1733
start_va = 0x1f40000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 1734
start_va = 0x1cd0000
end_va = 0x1d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cd0000"
filename = ""
Region:
id = 1735
start_va = 0x1d50000
end_va = 0x1d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d50000"
filename = ""
Region:
id = 1736
start_va = 0x1e30000
end_va = 0x1e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e30000"
filename = ""
Region:
id = 1737
start_va = 0x1f00000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 1738
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1739
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1740
start_va = 0x2160000
end_va = 0x415ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 1741
start_va = 0x280000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1742
start_va = 0x360000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 1743
start_va = 0x3e0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1744
start_va = 0x1fa0000
end_va = 0x1fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fa0000"
filename = ""
Region:
id = 1745
start_va = 0x2120000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 1746
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1750
start_va = 0x1dc0000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001dc0000"
filename = ""
Region:
id = 1751
start_va = 0x1ea0000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 1752
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1761
start_va = 0x4160000
end_va = 0x442efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1762
start_va = 0x6fe30000
end_va = 0x7123afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 1764
start_va = 0x2a0000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 1765
start_va = 0x670000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 1766
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1794
start_va = 0x6f3d0000
end_va = 0x6fe24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 1833
start_va = 0x6dd40000
end_va = 0x6e557fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 1902
start_va = 0x712a0000
end_va = 0x7132efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\731848746c032af3ce33577b793c9b9c\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\731848746c032af3ce33577b793c9b9c\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1909
start_va = 0x73a70000
end_va = 0x73a86fff
monitored = 0
entry_point = 0x73a73573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1910
start_va = 0x3a0000
end_va = 0x3dbfff
monitored = 0
entry_point = 0x3a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1911
start_va = 0x3a0000
end_va = 0x3dbfff
monitored = 0
entry_point = 0x3a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1913
start_va = 0x3a0000
end_va = 0x3dbfff
monitored = 0
entry_point = 0x3a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1914
start_va = 0x3a0000
end_va = 0x3dbfff
monitored = 0
entry_point = 0x3a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1915
start_va = 0x3a0000
end_va = 0x3dbfff
monitored = 0
entry_point = 0x3a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1916
start_va = 0x73a30000
end_va = 0x73a6afff
monitored = 0
entry_point = 0x73a3128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1985
start_va = 0x6b3e0000
end_va = 0x6cec2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\system.management.automation.ni.dll")
Region:
id = 2330
start_va = 0x1fe0000
end_va = 0x2041fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 2339
start_va = 0x1c90000
end_va = 0x1ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c90000"
filename = ""
Region:
id = 2340
start_va = 0x2070000
end_va = 0x20affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 2341
start_va = 0x44f0000
end_va = 0x452ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044f0000"
filename = ""
Region:
id = 2342
start_va = 0x45a0000
end_va = 0x45dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000045a0000"
filename = ""
Region:
id = 2343
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 2344
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 2347
start_va = 0x71980000
end_va = 0x71992fff
monitored = 1
entry_point = 0x7198d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 2348
start_va = 0x45e0000
end_va = 0x48b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 2354
start_va = 0x6acd0000
end_va = 0x6b3dbfff
monitored = 1
entry_point = 0x6b2ef392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2357
start_va = 0x4430000
end_va = 0x44effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 2358
start_va = 0x6a5c0000
end_va = 0x6accbfff
monitored = 1
entry_point = 0x6abdf392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 2364
start_va = 0x754e0000
end_va = 0x754e4fff
monitored = 0
entry_point = 0x754e1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 2472
start_va = 0x20b0000
end_va = 0x20effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020b0000"
filename = ""
Region:
id = 2473
start_va = 0x48e0000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048e0000"
filename = ""
Region:
id = 2474
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 2475
start_va = 0x75730000
end_va = 0x76379fff
monitored = 0
entry_point = 0x757b1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 2477
start_va = 0x2c0000
end_va = 0x2c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 2480
start_va = 0x76c70000
end_va = 0x76c9efff
monitored = 0
entry_point = 0x76c72a35
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 2488
start_va = 0x4960000
end_va = 0x499ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004960000"
filename = ""
Region:
id = 2489
start_va = 0x4a80000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a80000"
filename = ""
Region:
id = 2490
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 2493
start_va = 0x754f0000
end_va = 0x75610fff
monitored = 0
entry_point = 0x754f158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 2494
start_va = 0x74d50000
end_va = 0x74d5bfff
monitored = 0
entry_point = 0x74d5238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 2498
start_va = 0x49d0000
end_va = 0x4a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 2499
start_va = 0x4b40000
end_va = 0x4b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b40000"
filename = ""
Region:
id = 2500
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 2510
start_va = 0x350000
end_va = 0x357fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 2511
start_va = 0x4a30000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a30000"
filename = ""
Region:
id = 2512
start_va = 0x4ac0000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 2513
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 2514
start_va = 0x713e0000
end_va = 0x713e7fff
monitored = 0
entry_point = 0x713e3bf5
region_type = mapped_file
name = "msisip.dll"
filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll")
Region:
id = 2516
start_va = 0x4b80000
end_va = 0x4f7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b80000"
filename = ""
Region:
id = 2517
start_va = 0x3a0000
end_va = 0x3a7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 2518
start_va = 0x4b80000
end_va = 0x4f7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b80000"
filename = ""
Region:
id = 2519
start_va = 0x4540000
end_va = 0x457ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004540000"
filename = ""
Region:
id = 2520
start_va = 0x4c20000
end_va = 0x4c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c20000"
filename = ""
Region:
id = 2521
start_va = 0x713c0000
end_va = 0x713d5fff
monitored = 0
entry_point = 0x713c13df
region_type = mapped_file
name = "wshext.dll"
filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll")
Region:
id = 2522
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 2530
start_va = 0x6ebc0000
end_va = 0x6ec43fff
monitored = 0
entry_point = 0x6ebc19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2531
start_va = 0x4c60000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 2532
start_va = 0x713b0000
end_va = 0x713b9fff
monitored = 0
entry_point = 0x713b4ab0
region_type = mapped_file
name = "pwrshsip.dll"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\pwrshsip.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\pwrshsip.dll")
Region:
id = 2537
start_va = 0x4c60000
end_va = 0x4d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 2538
start_va = 0x4e40000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e40000"
filename = ""
Region:
id = 2541
start_va = 0x4590000
end_va = 0x45cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004590000"
filename = ""
Region:
id = 2542
start_va = 0x4df0000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 2543
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 2628
start_va = 0x350000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 2639
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2644
start_va = 0x3b0000
end_va = 0x3b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2645
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2646
start_va = 0x3b0000
end_va = 0x3b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2649
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2650
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2651
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2652
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2653
start_va = 0x3a0000
end_va = 0x3a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2654
start_va = 0x3a0000
end_va = 0x3a6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2661
start_va = 0x4d70000
end_va = 0x4daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d70000"
filename = ""
Region:
id = 2662
start_va = 0x4e80000
end_va = 0x4ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e80000"
filename = ""
Region:
id = 2663
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 2675
start_va = 0x2050000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002050000"
filename = ""
Region:
id = 2676
start_va = 0x4ba0000
end_va = 0x4bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ba0000"
filename = ""
Region:
id = 2677
start_va = 0x4df0000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 2678
start_va = 0x4fa0000
end_va = 0x4fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fa0000"
filename = ""
Region:
id = 2679
start_va = 0x7ef92000
end_va = 0x7ef94fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef92000"
filename = ""
Region:
id = 2680
start_va = 0x7ef95000
end_va = 0x7ef97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef95000"
filename = ""
Thread:
id = 12
os_tid = 0xb68
Thread:
id = 19
os_tid = 0x884
Thread:
id = 20
os_tid = 0x880
Thread:
id = 21
os_tid = 0x29c
Thread:
id = 84
os_tid = 0x174
Thread:
id = 85
os_tid = 0xa0c
Thread:
id = 93
os_tid = 0xaa0
Thread:
id = 95
os_tid = 0x99c
Thread:
id = 97
os_tid = 0x8d0
Thread:
id = 99
os_tid = 0x8c8
Thread:
id = 100
os_tid = 0x8cc
Thread:
id = 102
os_tid = 0x8bc
Thread:
id = 106
os_tid = 0x9b8
Thread:
id = 108
os_tid = 0x9c0
Thread:
id = 111
os_tid = 0x9e8
Process:
id = "4"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3c8f7000"
os_pid = "0x5b8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9d0"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\zwLLFjVv\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1586
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1587
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1588
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1589
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1590
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1591
start_va = 0xc0000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1592
start_va = 0x140000
end_va = 0x16dfff
monitored = 1
entry_point = 0x157683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 1593
start_va = 0x2f0000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 1594
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1595
start_va = 0x77150000
end_va = 0x772cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1596
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1597
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1598
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1599
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1600
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1601
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1602
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1605
start_va = 0x170000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1606
start_va = 0x74a40000
end_va = 0x74a7efff
monitored = 0
entry_point = 0x74a6e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1607
start_va = 0x749e0000
end_va = 0x74a3bfff
monitored = 0
entry_point = 0x74a1f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1608
start_va = 0x749d0000
end_va = 0x749d7fff
monitored = 0
entry_point = 0x749d20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1609
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1610
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1611
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1612
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076e50000"
filename = ""
Region:
id = 1613
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1614
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d50000"
filename = ""
Region:
id = 1615
start_va = 0x330000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 1616
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1617
start_va = 0x74dc0000
end_va = 0x74e06fff
monitored = 0
entry_point = 0x74dc74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1618
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1619
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1620
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1670
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1671
start_va = 0x200000
end_va = 0x266fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1672
start_va = 0x752c0000
end_va = 0x7536bfff
monitored = 0
entry_point = 0x752ca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1673
start_va = 0x74f70000
end_va = 0x7506ffff
monitored = 0
entry_point = 0x74f8b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1674
start_va = 0x76ae0000
end_va = 0x76b6ffff
monitored = 0
entry_point = 0x76af6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1675
start_va = 0x77120000
end_va = 0x77129fff
monitored = 0
entry_point = 0x771236a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1676
start_va = 0x76740000
end_va = 0x767dcfff
monitored = 0
entry_point = 0x76773fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1677
start_va = 0x767e0000
end_va = 0x7687ffff
monitored = 0
entry_point = 0x767f49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1678
start_va = 0x74e10000
end_va = 0x74e28fff
monitored = 0
entry_point = 0x74e14975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1679
start_va = 0x76450000
end_va = 0x7653ffff
monitored = 0
entry_point = 0x76460569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1680
start_va = 0x74ca0000
end_va = 0x74cfffff
monitored = 0
entry_point = 0x74cba3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1681
start_va = 0x74c90000
end_va = 0x74c9bfff
monitored = 0
entry_point = 0x74c910e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1682
start_va = 0x75370000
end_va = 0x754cbfff
monitored = 0
entry_point = 0x753bba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1683
start_va = 0x76a50000
end_va = 0x76adefff
monitored = 0
entry_point = 0x76a53fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1684
start_va = 0x76540000
end_va = 0x76596fff
monitored = 0
entry_point = 0x76559ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1685
start_va = 0x71320000
end_va = 0x71328fff
monitored = 0
entry_point = 0x71321830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 1689
start_va = 0x70000
end_va = 0xbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 1690
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1691
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1692
start_va = 0xb0000
end_va = 0xbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 1693
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1694
start_va = 0x769f0000
end_va = 0x76a4ffff
monitored = 0
entry_point = 0x76a0158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1695
start_va = 0x76380000
end_va = 0x7644bfff
monitored = 0
entry_point = 0x7638168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1696
start_va = 0x5d0000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 1697
start_va = 0x760000
end_va = 0x1b5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 1698
start_va = 0x70000
end_va = 0x81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 1710
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1711
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1712
start_va = 0x73ca0000
end_va = 0x73ca8fff
monitored = 0
entry_point = 0x73ca1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1713
start_va = 0x1b60000
end_va = 0x1e2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1719
start_va = 0x73bb0000
end_va = 0x73c2ffff
monitored = 0
entry_point = 0x73bc37c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1720
start_va = 0x1e30000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e30000"
filename = ""
Region:
id = 1728
start_va = 0x1ee0000
end_va = 0x1fbefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ee0000"
filename = ""
Region:
id = 1747
start_va = 0x1ff0000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 1748
start_va = 0x20d0000
end_va = 0x210ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020d0000"
filename = ""
Region:
id = 1749
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1753
start_va = 0xa0000
end_va = 0xa0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 1754
start_va = 0x76880000
end_va = 0x76902fff
monitored = 0
entry_point = 0x768823d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1755
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1756
start_va = 0x712a0000
end_va = 0x7131cfff
monitored = 0
entry_point = 0x712a166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 13
os_tid = 0x234
[0151.552] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x32fc30 | out: lpSystemTimeAsFileTime=0x32fc30*(dwLowDateTime=0xa14f20a0, dwHighDateTime=0x1d8a010))
[0151.552] GetCurrentProcessId () returned 0x5b8
[0151.552] GetCurrentThreadId () returned 0x234
[0151.552] GetTickCount () returned 0x19e968c
[0151.552] RtlQueryPerformanceCounter () returned 0x1
[0151.553] GetModuleHandleA (lpModuleName=0x0) returned 0x140000
[0151.553] __set_app_type (_Type=0x1)
[0151.553] __p__fmode () returned 0x753631f4
[0151.553] __p__commode () returned 0x753631fc
[0151.553] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x157881) returned 0x0
[0151.553] __wgetmainargs (in: _Argc=0x169e6c, _Argv=0x169e74, _Env=0x169e70, _DoWildCard=0, _StartInfo=0x169e80 | out: _Argc=0x169e6c, _Argv=0x169e74, _Env=0x169e70) returned 0
[0151.554] _onexit (_Func=0x160fe2) returned 0x160fe2
[0151.554] _onexit (_Func=0x160ff3) returned 0x160ff3
[0151.554] _onexit (_Func=0x161002) returned 0x161002
[0151.554] _onexit (_Func=0x16101e) returned 0x16101e
[0151.555] _onexit (_Func=0x16103a) returned 0x16103a
[0151.555] _onexit (_Func=0x161056) returned 0x161056
[0151.555] _onexit (_Func=0x161072) returned 0x161072
[0151.555] _onexit (_Func=0x16108e) returned 0x16108e
[0151.555] _onexit (_Func=0x1610aa) returned 0x1610aa
[0151.555] _onexit (_Func=0x1610c6) returned 0x1610c6
[0151.556] _onexit (_Func=0x1610e2) returned 0x1610e2
[0151.556] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0151.556] WinSqmIsOptedIn () returned 0x0
[0151.556] GetProcessHeap () returned 0x340000
[0151.556] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x34f098
[0151.556] SetLastError (dwErrCode=0x0)
[0151.557] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0151.557] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0151.557] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0151.557] VerifyVersionInfoW (in: lpVersionInformation=0x32f6a8, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x32f6a8) returned 1
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354be8
[0151.557] lstrlenW (lpString="") returned 0
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x2) returned 0x354fd0
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x354fe0
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354c00
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355000
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355020
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355040
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355060
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354c18
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355080
[0151.557] GetProcessHeap () returned 0x340000
[0151.557] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3550a0
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3550c0
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3550e0
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354c30
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355100
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355120
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355158
[0151.558] GetProcessHeap () returned 0x340000
[0151.558] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355178
[0151.558] SetThreadUILanguage (LangId=0x0) returned 0x409
[0151.558] SetLastError (dwErrCode=0x0)
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355198
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3551b8
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3551d8
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3551f8
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355218
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354c48
[0151.559] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.559] GetProcessHeap () returned 0x340000
[0151.559] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x208) returned 0x355ac0
[0151.559] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x355ac0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0151.559] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x73ca0000
[0151.562] GetProcAddress (hModule=0x73ca0000, lpProcName="GetFileVersionInfoSizeW") returned 0x73ca19d9
[0151.562] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0151.562] GetProcessHeap () returned 0x340000
[0151.562] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x74e) returned 0x355cd0
[0151.562] GetProcAddress (hModule=0x73ca0000, lpProcName="GetFileVersionInfoW") returned 0x73ca19f4
[0151.562] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x355cd0 | out: lpData=0x355cd0) returned 1
[0151.563] GetProcAddress (hModule=0x73ca0000, lpProcName="VerQueryValueW") returned 0x73ca1b51
[0151.563] VerQueryValueW (in: pBlock=0x355cd0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x32f7b0, puLen=0x32f7b4 | out: lplpBuffer=0x32f7b0*=0x35606c, puLen=0x32f7b4) returned 1
[0151.566] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.566] _vsnwprintf (in: _Buffer=0x355ac0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x32f798 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0151.566] VerQueryValueW (in: pBlock=0x355cd0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x32f7c0, puLen=0x32f7bc | out: lplpBuffer=0x32f7c0*=0x355e98, puLen=0x32f7bc) returned 1
[0151.566] lstrlenW (lpString="schtasks.exe") returned 12
[0151.566] lstrlenW (lpString="schtasks.exe") returned 12
[0151.566] lstrlenW (lpString=".EXE") returned 4
[0151.566] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0151.568] lstrlenW (lpString="schtasks.exe") returned 12
[0151.568] lstrlenW (lpString=".EXE") returned 4
[0151.568] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.568] lstrlenW (lpString="schtasks") returned 8
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355258
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355278
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355298
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3552b8
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354ca8
[0151.568] _memicmp (_Buf1=0x354ca8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0xa0) returned 0x3566b0
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3552d8
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3552f8
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355318
[0151.568] GetProcessHeap () returned 0x340000
[0151.568] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354cc0
[0151.569] _memicmp (_Buf1=0x354cc0, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.569] GetProcessHeap () returned 0x340000
[0151.569] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x200) returned 0x356758
[0151.569] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x356758, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0151.569] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0151.569] GetProcessHeap () returned 0x340000
[0151.569] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x30) returned 0x356960
[0151.569] _vsnwprintf (in: _Buffer=0x3566b0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x32f79c | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0151.569] GetProcessHeap () returned 0x340000
[0151.569] GetProcessHeap () returned 0x340000
[0151.569] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355cd0) returned 1
[0151.569] GetProcessHeap () returned 0x340000
[0151.569] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355cd0) returned 0x74e
[0151.570] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355cd0 | out: hHeap=0x340000) returned 1
[0151.570] SetLastError (dwErrCode=0x0)
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="?") returned 1
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="create") returned 6
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="delete") returned 6
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="query") returned 5
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="change") returned 6
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="run") returned 3
[0151.570] GetThreadLocale () returned 0x409
[0151.570] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.570] lstrlenW (lpString="end") returned 3
[0151.570] GetThreadLocale () returned 0x409
[0151.571] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.571] lstrlenW (lpString="showsid") returned 7
[0151.571] GetThreadLocale () returned 0x409
[0151.571] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.571] SetLastError (dwErrCode=0x0)
[0151.571] SetLastError (dwErrCode=0x0)
[0151.571] lstrlenW (lpString="/Create") returned 7
[0151.571] lstrlenW (lpString="-/") returned 2
[0151.571] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.571] lstrlenW (lpString="?") returned 1
[0151.571] lstrlenW (lpString="?") returned 1
[0151.571] GetProcessHeap () returned 0x340000
[0151.571] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354cd8
[0151.571] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.571] GetProcessHeap () returned 0x340000
[0151.571] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0xa) returned 0x354cf0
[0151.571] lstrlenW (lpString="Create") returned 6
[0151.571] GetProcessHeap () returned 0x340000
[0151.571] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354d08
[0151.571] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.571] GetProcessHeap () returned 0x340000
[0151.571] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355338
[0151.571] _vsnwprintf (in: _Buffer=0x354cf0, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|?|") returned 3
[0151.571] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|Create|") returned 8
[0151.571] lstrlenW (lpString="|?|") returned 3
[0151.571] lstrlenW (lpString="|Create|") returned 8
[0151.571] SetLastError (dwErrCode=0x490)
[0151.571] lstrlenW (lpString="create") returned 6
[0151.571] lstrlenW (lpString="create") returned 6
[0151.572] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.572] GetProcessHeap () returned 0x340000
[0151.572] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354cf0) returned 1
[0151.572] GetProcessHeap () returned 0x340000
[0151.572] RtlReAllocateHeap (Heap=0x340000, Flags=0xc, Ptr=0x354cf0, Size=0x14) returned 0x355358
[0151.572] lstrlenW (lpString="Create") returned 6
[0151.572] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.572] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|create|") returned 8
[0151.572] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|Create|") returned 8
[0151.572] lstrlenW (lpString="|create|") returned 8
[0151.572] lstrlenW (lpString="|Create|") returned 8
[0151.572] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0151.572] SetLastError (dwErrCode=0x0)
[0151.572] SetLastError (dwErrCode=0x0)
[0151.572] SetLastError (dwErrCode=0x0)
[0151.572] lstrlenW (lpString="/TN") returned 3
[0151.572] lstrlenW (lpString="-/") returned 2
[0151.572] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.572] lstrlenW (lpString="?") returned 1
[0151.572] lstrlenW (lpString="?") returned 1
[0151.572] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.572] lstrlenW (lpString="TN") returned 2
[0151.572] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.572] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|?|") returned 3
[0151.572] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.572] lstrlenW (lpString="|?|") returned 3
[0151.572] lstrlenW (lpString="|TN|") returned 4
[0151.573] SetLastError (dwErrCode=0x490)
[0151.573] lstrlenW (lpString="create") returned 6
[0151.573] lstrlenW (lpString="create") returned 6
[0151.573] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.573] lstrlenW (lpString="TN") returned 2
[0151.573] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.573] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|create|") returned 8
[0151.573] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.573] lstrlenW (lpString="|create|") returned 8
[0151.573] lstrlenW (lpString="|TN|") returned 4
[0151.573] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0151.573] SetLastError (dwErrCode=0x490)
[0151.573] lstrlenW (lpString="delete") returned 6
[0151.573] lstrlenW (lpString="delete") returned 6
[0151.573] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.573] lstrlenW (lpString="TN") returned 2
[0151.573] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.573] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|delete|") returned 8
[0151.573] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.573] lstrlenW (lpString="|delete|") returned 8
[0151.573] lstrlenW (lpString="|TN|") returned 4
[0151.573] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0151.573] SetLastError (dwErrCode=0x490)
[0151.573] lstrlenW (lpString="query") returned 5
[0151.573] lstrlenW (lpString="query") returned 5
[0151.573] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.573] lstrlenW (lpString="TN") returned 2
[0151.573] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.574] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x8, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|query|") returned 7
[0151.574] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.574] lstrlenW (lpString="|query|") returned 7
[0151.574] lstrlenW (lpString="|TN|") returned 4
[0151.574] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0151.574] SetLastError (dwErrCode=0x490)
[0151.574] lstrlenW (lpString="change") returned 6
[0151.574] lstrlenW (lpString="change") returned 6
[0151.574] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.574] lstrlenW (lpString="TN") returned 2
[0151.574] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.574] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|change|") returned 8
[0151.574] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.574] lstrlenW (lpString="|change|") returned 8
[0151.574] lstrlenW (lpString="|TN|") returned 4
[0151.574] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0151.574] SetLastError (dwErrCode=0x490)
[0151.574] lstrlenW (lpString="run") returned 3
[0151.574] lstrlenW (lpString="run") returned 3
[0151.574] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.574] lstrlenW (lpString="TN") returned 2
[0151.574] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.574] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|run|") returned 5
[0151.574] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.574] lstrlenW (lpString="|run|") returned 5
[0151.574] lstrlenW (lpString="|TN|") returned 4
[0151.574] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0151.574] SetLastError (dwErrCode=0x490)
[0151.574] lstrlenW (lpString="end") returned 3
[0151.575] lstrlenW (lpString="end") returned 3
[0151.575] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.575] lstrlenW (lpString="TN") returned 2
[0151.575] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.575] _vsnwprintf (in: _Buffer=0x355358, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|end|") returned 5
[0151.575] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.575] lstrlenW (lpString="|end|") returned 5
[0151.575] lstrlenW (lpString="|TN|") returned 4
[0151.575] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0151.575] SetLastError (dwErrCode=0x490)
[0151.575] lstrlenW (lpString="showsid") returned 7
[0151.575] lstrlenW (lpString="showsid") returned 7
[0151.575] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.575] GetProcessHeap () returned 0x340000
[0151.575] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355358) returned 1
[0151.575] GetProcessHeap () returned 0x340000
[0151.575] RtlReAllocateHeap (Heap=0x340000, Flags=0xc, Ptr=0x355358, Size=0x16) returned 0x355378
[0151.575] lstrlenW (lpString="TN") returned 2
[0151.575] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.575] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0xa, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|showsid|") returned 9
[0151.575] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|TN|") returned 4
[0151.575] lstrlenW (lpString="|showsid|") returned 9
[0151.575] lstrlenW (lpString="|TN|") returned 4
[0151.575] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0151.575] SetLastError (dwErrCode=0x490)
[0151.575] SetLastError (dwErrCode=0x490)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="/TN") returned 3
[0151.576] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0151.576] SetLastError (dwErrCode=0x490)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="/TN") returned 3
[0151.576] GetProcessHeap () returned 0x340000
[0151.576] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x8) returned 0x356998
[0151.576] GetProcessHeap () returned 0x340000
[0151.576] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355358
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
[0151.576] lstrlenW (lpString="-/") returned 2
[0151.576] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0151.576] SetLastError (dwErrCode=0x490)
[0151.576] SetLastError (dwErrCode=0x490)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
[0151.576] StrChrIW (lpStart="Updates\\zwLLFjVv", wMatch=0x3a) returned 0x0
[0151.576] SetLastError (dwErrCode=0x490)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
[0151.576] GetProcessHeap () returned 0x340000
[0151.576] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x22) returned 0x3569a8
[0151.576] GetProcessHeap () returned 0x340000
[0151.576] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355398
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] SetLastError (dwErrCode=0x0)
[0151.576] lstrlenW (lpString="/XML") returned 4
[0151.576] lstrlenW (lpString="-/") returned 2
[0151.576] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.576] lstrlenW (lpString="?") returned 1
[0151.577] lstrlenW (lpString="?") returned 1
[0151.577] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] lstrlenW (lpString="XML") returned 3
[0151.577] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|?|") returned 3
[0151.577] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.577] lstrlenW (lpString="|?|") returned 3
[0151.577] lstrlenW (lpString="|XML|") returned 5
[0151.577] SetLastError (dwErrCode=0x490)
[0151.577] lstrlenW (lpString="create") returned 6
[0151.577] lstrlenW (lpString="create") returned 6
[0151.577] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] lstrlenW (lpString="XML") returned 3
[0151.577] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|create|") returned 8
[0151.577] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.577] lstrlenW (lpString="|create|") returned 8
[0151.577] lstrlenW (lpString="|XML|") returned 5
[0151.577] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0151.577] SetLastError (dwErrCode=0x490)
[0151.577] lstrlenW (lpString="delete") returned 6
[0151.577] lstrlenW (lpString="delete") returned 6
[0151.577] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] lstrlenW (lpString="XML") returned 3
[0151.577] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.577] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|delete|") returned 8
[0151.577] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.577] lstrlenW (lpString="|delete|") returned 8
[0151.577] lstrlenW (lpString="|XML|") returned 5
[0151.577] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0151.577] SetLastError (dwErrCode=0x490)
[0151.578] lstrlenW (lpString="query") returned 5
[0151.578] lstrlenW (lpString="query") returned 5
[0151.578] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.578] lstrlenW (lpString="XML") returned 3
[0151.578] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.578] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x8, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|query|") returned 7
[0151.578] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.578] lstrlenW (lpString="|query|") returned 7
[0151.578] lstrlenW (lpString="|XML|") returned 5
[0151.578] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0151.578] SetLastError (dwErrCode=0x490)
[0151.578] lstrlenW (lpString="change") returned 6
[0151.578] lstrlenW (lpString="change") returned 6
[0151.578] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.578] lstrlenW (lpString="XML") returned 3
[0151.578] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.578] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|change|") returned 8
[0151.578] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.578] lstrlenW (lpString="|change|") returned 8
[0151.578] lstrlenW (lpString="|XML|") returned 5
[0151.578] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0151.578] SetLastError (dwErrCode=0x490)
[0151.578] lstrlenW (lpString="run") returned 3
[0151.578] lstrlenW (lpString="run") returned 3
[0151.578] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.578] lstrlenW (lpString="XML") returned 3
[0151.578] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.579] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|run|") returned 5
[0151.579] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.579] lstrlenW (lpString="|run|") returned 5
[0151.579] lstrlenW (lpString="|XML|") returned 5
[0151.579] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0151.579] SetLastError (dwErrCode=0x490)
[0151.579] lstrlenW (lpString="end") returned 3
[0151.579] lstrlenW (lpString="end") returned 3
[0151.579] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.579] lstrlenW (lpString="XML") returned 3
[0151.579] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.579] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|end|") returned 5
[0151.579] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.579] lstrlenW (lpString="|end|") returned 5
[0151.579] lstrlenW (lpString="|XML|") returned 5
[0151.579] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0151.579] SetLastError (dwErrCode=0x490)
[0151.579] lstrlenW (lpString="showsid") returned 7
[0151.579] lstrlenW (lpString="showsid") returned 7
[0151.579] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.579] lstrlenW (lpString="XML") returned 3
[0151.579] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.579] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0xa, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|showsid|") returned 9
[0151.579] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32f784 | out: _Buffer="|XML|") returned 5
[0151.579] lstrlenW (lpString="|showsid|") returned 9
[0151.579] lstrlenW (lpString="|XML|") returned 5
[0151.579] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0151.579] SetLastError (dwErrCode=0x490)
[0151.579] SetLastError (dwErrCode=0x490)
[0151.579] SetLastError (dwErrCode=0x0)
[0151.579] lstrlenW (lpString="/XML") returned 4
[0151.580] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0151.580] SetLastError (dwErrCode=0x490)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] lstrlenW (lpString="/XML") returned 4
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0xa) returned 0x354cf0
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3553b8
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.580] lstrlenW (lpString="-/") returned 2
[0151.580] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0151.580] SetLastError (dwErrCode=0x490)
[0151.580] SetLastError (dwErrCode=0x490)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.580] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp"
[0151.580] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354d20
[0151.580] _memicmp (_Buf1=0x354d20, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0xc) returned 0x354d38
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x354d50
[0151.580] _memicmp (_Buf1=0x354d50, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.580] GetProcessHeap () returned 0x340000
[0151.580] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x68) returned 0x3569d8
[0151.580] SetLastError (dwErrCode=0x7a)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.580] lstrlenW (lpString="C") returned 1
[0151.580] SetLastError (dwErrCode=0x490)
[0151.580] SetLastError (dwErrCode=0x0)
[0151.581] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x64) returned 0x356a48
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3553d8
[0151.581] SetLastError (dwErrCode=0x0)
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356998) returned 1
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356998) returned 0x8
[0151.581] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356998 | out: hHeap=0x340000) returned 1
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355358) returned 1
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355358) returned 0x14
[0151.581] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355358 | out: hHeap=0x340000) returned 1
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3569a8) returned 1
[0151.581] GetProcessHeap () returned 0x340000
[0151.581] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3569a8) returned 0x22
[0151.582] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3569a8 | out: hHeap=0x340000) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355398) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355398) returned 0x14
[0151.582] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355398 | out: hHeap=0x340000) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354cf0) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354cf0) returned 0xa
[0151.582] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354cf0 | out: hHeap=0x340000) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3553b8) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3553b8) returned 0x14
[0151.582] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3553b8 | out: hHeap=0x340000) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356a48) returned 1
[0151.582] GetProcessHeap () returned 0x340000
[0151.582] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356a48) returned 0x64
[0151.583] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356a48 | out: hHeap=0x340000) returned 1
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3553d8) returned 1
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3553d8) returned 0x14
[0151.583] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3553d8 | out: hHeap=0x340000) returned 1
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x34f098) returned 1
[0151.583] GetProcessHeap () returned 0x340000
[0151.583] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x34f098) returned 0x10
[0151.583] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x34f098 | out: hHeap=0x340000) returned 1
[0151.584] SetLastError (dwErrCode=0x0)
[0151.584] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0151.584] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0151.584] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0151.584] VerifyVersionInfoW (in: lpVersionInformation=0x32cb9c, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x32cb9c) returned 1
[0151.584] SetLastError (dwErrCode=0x0)
[0151.584] lstrlenW (lpString="create") returned 6
[0151.584] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0151.584] SetLastError (dwErrCode=0x490)
[0151.584] SetLastError (dwErrCode=0x0)
[0151.584] lstrlenW (lpString="create") returned 6
[0151.584] GetProcessHeap () returned 0x340000
[0151.584] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x3553d8
[0151.584] GetProcessHeap () returned 0x340000
[0151.584] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x10) returned 0x34f098
[0151.584] _memicmp (_Buf1=0x34f098, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.584] GetProcessHeap () returned 0x340000
[0151.584] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x16) returned 0x3553b8
[0151.584] SetLastError (dwErrCode=0x0)
[0151.584] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.584] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x355ac0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0151.584] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0151.585] GetProcessHeap () returned 0x340000
[0151.585] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x74e) returned 0x355cd0
[0151.585] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x355cd0 | out: lpData=0x355cd0) returned 1
[0151.585] VerQueryValueW (in: pBlock=0x355cd0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x32cca4, puLen=0x32cca8 | out: lplpBuffer=0x32cca4*=0x35606c, puLen=0x32cca8) returned 1
[0151.585] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.585] _vsnwprintf (in: _Buffer=0x355ac0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x32cc8c | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0151.585] VerQueryValueW (in: pBlock=0x355cd0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x32ccb4, puLen=0x32ccb0 | out: lplpBuffer=0x32ccb4*=0x355e98, puLen=0x32ccb0) returned 1
[0151.585] lstrlenW (lpString="schtasks.exe") returned 12
[0151.585] lstrlenW (lpString="schtasks.exe") returned 12
[0151.585] lstrlenW (lpString=".EXE") returned 4
[0151.585] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0151.585] lstrlenW (lpString="schtasks.exe") returned 12
[0151.585] lstrlenW (lpString=".EXE") returned 4
[0151.585] lstrlenW (lpString="schtasks") returned 8
[0151.585] lstrlenW (lpString="/create") returned 7
[0151.585] _memicmp (_Buf1=0x354c48, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.586] _vsnwprintf (in: _Buffer=0x355ac0, _BufferCount=0x19, _Format="%s %s", _ArgList=0x32cc8c | out: _Buffer="schtasks /create") returned 16
[0151.586] _memicmp (_Buf1=0x354ca8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.586] GetProcessHeap () returned 0x340000
[0151.586] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355398
[0151.586] _memicmp (_Buf1=0x354cc0, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.586] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x356758, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0151.586] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0151.586] GetProcessHeap () returned 0x340000
[0151.586] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x30) returned 0x356998
[0151.586] _vsnwprintf (in: _Buffer=0x3566b0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x32cc90 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0151.586] GetProcessHeap () returned 0x340000
[0151.586] GetProcessHeap () returned 0x340000
[0151.586] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355cd0) returned 1
[0151.586] GetProcessHeap () returned 0x340000
[0151.586] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355cd0) returned 0x74e
[0151.587] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355cd0 | out: hHeap=0x340000) returned 1
[0151.587] SetLastError (dwErrCode=0x0)
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="create") returned 6
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="?") returned 1
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="s") returned 1
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="u") returned 1
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="p") returned 1
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="ru") returned 2
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="rp") returned 2
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="sc") returned 2
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.587] lstrlenW (lpString="mo") returned 2
[0151.587] GetThreadLocale () returned 0x409
[0151.587] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="d") returned 1
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="m") returned 1
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="i") returned 1
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="tn") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="tr") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="st") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="sd") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="ed") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="it") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="et") returned 2
[0151.588] GetThreadLocale () returned 0x409
[0151.588] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.588] lstrlenW (lpString="k") returned 1
[0151.588] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="du") returned 2
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="ri") returned 2
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="z") returned 1
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="f") returned 1
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="v1") returned 2
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="xml") returned 3
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="ec") returned 2
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="rl") returned 2
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="delay") returned 5
[0151.589] GetThreadLocale () returned 0x409
[0151.589] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0151.589] lstrlenW (lpString="np") returned 2
[0151.589] SetLastError (dwErrCode=0x0)
[0151.590] SetLastError (dwErrCode=0x0)
[0151.590] lstrlenW (lpString="/Create") returned 7
[0151.590] lstrlenW (lpString="-/") returned 2
[0151.590] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.590] lstrlenW (lpString="create") returned 6
[0151.590] lstrlenW (lpString="create") returned 6
[0151.590] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.590] lstrlenW (lpString="Create") returned 6
[0151.590] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.590] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|create|") returned 8
[0151.590] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|Create|") returned 8
[0151.590] lstrlenW (lpString="|create|") returned 8
[0151.590] lstrlenW (lpString="|Create|") returned 8
[0151.590] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0151.590] SetLastError (dwErrCode=0x0)
[0151.590] SetLastError (dwErrCode=0x0)
[0151.590] SetLastError (dwErrCode=0x0)
[0151.590] lstrlenW (lpString="/TN") returned 3
[0151.590] lstrlenW (lpString="-/") returned 2
[0151.590] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.590] lstrlenW (lpString="create") returned 6
[0151.590] lstrlenW (lpString="create") returned 6
[0151.590] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] lstrlenW (lpString="TN") returned 2
[0151.591] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|create|") returned 8
[0151.591] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.591] lstrlenW (lpString="|create|") returned 8
[0151.591] lstrlenW (lpString="|TN|") returned 4
[0151.591] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0151.591] SetLastError (dwErrCode=0x490)
[0151.591] lstrlenW (lpString="?") returned 1
[0151.591] lstrlenW (lpString="?") returned 1
[0151.591] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] lstrlenW (lpString="TN") returned 2
[0151.591] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|?|") returned 3
[0151.591] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.591] lstrlenW (lpString="|?|") returned 3
[0151.591] lstrlenW (lpString="|TN|") returned 4
[0151.591] SetLastError (dwErrCode=0x490)
[0151.591] lstrlenW (lpString="s") returned 1
[0151.591] lstrlenW (lpString="s") returned 1
[0151.591] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] lstrlenW (lpString="TN") returned 2
[0151.591] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.591] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|s|") returned 3
[0151.591] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.592] lstrlenW (lpString="|s|") returned 3
[0151.592] lstrlenW (lpString="|TN|") returned 4
[0151.592] SetLastError (dwErrCode=0x490)
[0151.592] lstrlenW (lpString="u") returned 1
[0151.592] lstrlenW (lpString="u") returned 1
[0151.592] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.592] lstrlenW (lpString="TN") returned 2
[0151.592] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.592] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|u|") returned 3
[0151.592] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.592] lstrlenW (lpString="|u|") returned 3
[0151.592] lstrlenW (lpString="|TN|") returned 4
[0151.592] SetLastError (dwErrCode=0x490)
[0151.592] lstrlenW (lpString="p") returned 1
[0151.592] lstrlenW (lpString="p") returned 1
[0151.592] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.592] lstrlenW (lpString="TN") returned 2
[0151.592] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.592] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|p|") returned 3
[0151.592] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.592] lstrlenW (lpString="|p|") returned 3
[0151.592] lstrlenW (lpString="|TN|") returned 4
[0151.592] SetLastError (dwErrCode=0x490)
[0151.592] lstrlenW (lpString="ru") returned 2
[0151.592] lstrlenW (lpString="ru") returned 2
[0151.592] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.592] lstrlenW (lpString="TN") returned 2
[0151.592] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.593] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|ru|") returned 4
[0151.593] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.593] lstrlenW (lpString="|ru|") returned 4
[0151.593] lstrlenW (lpString="|TN|") returned 4
[0151.593] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0151.593] SetLastError (dwErrCode=0x490)
[0151.593] lstrlenW (lpString="rp") returned 2
[0151.593] lstrlenW (lpString="rp") returned 2
[0151.593] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.593] lstrlenW (lpString="TN") returned 2
[0151.593] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.593] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|rp|") returned 4
[0151.593] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.593] lstrlenW (lpString="|rp|") returned 4
[0151.593] lstrlenW (lpString="|TN|") returned 4
[0151.593] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0151.593] SetLastError (dwErrCode=0x490)
[0151.593] lstrlenW (lpString="sc") returned 2
[0151.593] lstrlenW (lpString="sc") returned 2
[0151.593] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.593] lstrlenW (lpString="TN") returned 2
[0151.593] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.593] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|sc|") returned 4
[0151.593] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.593] lstrlenW (lpString="|sc|") returned 4
[0151.593] lstrlenW (lpString="|TN|") returned 4
[0151.593] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0151.593] SetLastError (dwErrCode=0x490)
[0151.593] lstrlenW (lpString="mo") returned 2
[0151.593] lstrlenW (lpString="mo") returned 2
[0151.593] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.594] lstrlenW (lpString="TN") returned 2
[0151.594] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.594] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|mo|") returned 4
[0151.703] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.703] lstrlenW (lpString="|mo|") returned 4
[0151.703] lstrlenW (lpString="|TN|") returned 4
[0151.703] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0151.703] SetLastError (dwErrCode=0x490)
[0151.703] lstrlenW (lpString="d") returned 1
[0151.703] lstrlenW (lpString="d") returned 1
[0151.703] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.703] lstrlenW (lpString="TN") returned 2
[0151.703] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.703] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|d|") returned 3
[0151.704] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.704] lstrlenW (lpString="|d|") returned 3
[0151.704] lstrlenW (lpString="|TN|") returned 4
[0151.704] SetLastError (dwErrCode=0x490)
[0151.704] lstrlenW (lpString="m") returned 1
[0151.704] lstrlenW (lpString="m") returned 1
[0151.704] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.704] lstrlenW (lpString="TN") returned 2
[0151.704] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.704] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|m|") returned 3
[0151.704] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.704] lstrlenW (lpString="|m|") returned 3
[0151.704] lstrlenW (lpString="|TN|") returned 4
[0151.704] SetLastError (dwErrCode=0x490)
[0151.704] lstrlenW (lpString="i") returned 1
[0151.704] lstrlenW (lpString="i") returned 1
[0151.704] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.704] lstrlenW (lpString="TN") returned 2
[0151.704] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.704] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|i|") returned 3
[0151.704] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.704] lstrlenW (lpString="|i|") returned 3
[0151.704] lstrlenW (lpString="|TN|") returned 4
[0151.704] SetLastError (dwErrCode=0x490)
[0151.704] lstrlenW (lpString="tn") returned 2
[0151.705] lstrlenW (lpString="tn") returned 2
[0151.705] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.705] lstrlenW (lpString="TN") returned 2
[0151.705] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.705] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|tn|") returned 4
[0151.705] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|TN|") returned 4
[0151.705] lstrlenW (lpString="|tn|") returned 4
[0151.705] lstrlenW (lpString="|TN|") returned 4
# Analyst note: the case-insensitive search for "|TN|" finally matches the "tn" entry, so the
# string handled next, "Updates\zwLLFjVv", is the value of the TN switch.
# NOTE(review): the option names walked further down (create, s, u, p, ru, rp, sc, mo, tn, tr, xml, ...)
# look like schtasks.exe /Create argument parsing; confirm against the process record for this trace.
[0151.705] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
[0151.705] lstrlenW (lpString="-/") returned 2
# 0x55 is 'U', the first character of the value; it is not one of the switch prefixes "-/",
# so the string is presumably kept as a value rather than parsed as another switch.
[0151.705] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
# 0x490 is ERROR_NOT_FOUND; here it only records the failed character search and is reset to 0x0 right after.
[0151.705] SetLastError (dwErrCode=0x490)
[0151.705] SetLastError (dwErrCode=0x490)
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
# 0x3a is ':'; the task name contains none.
[0151.705] StrChrIW (lpStart="Updates\\zwLLFjVv", wMatch=0x3a) returned 0x0
[0151.705] SetLastError (dwErrCode=0x490)
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] lstrlenW (lpString="Updates\\zwLLFjVv") returned 16
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] SetLastError (dwErrCode=0x0)
[0151.705] lstrlenW (lpString="/XML") returned 4
[0151.705] lstrlenW (lpString="-/") returned 2
[0151.706] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0151.706] lstrlenW (lpString="create") returned 6
[0151.706] lstrlenW (lpString="create") returned 6
[0151.706] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.706] lstrlenW (lpString="XML") returned 3
[0151.706] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.706] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x9, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|create|") returned 8
[0151.706] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.706] lstrlenW (lpString="|create|") returned 8
[0151.706] lstrlenW (lpString="|XML|") returned 5
[0151.706] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0151.706] SetLastError (dwErrCode=0x490)
[0151.706] lstrlenW (lpString="?") returned 1
[0151.706] lstrlenW (lpString="?") returned 1
[0151.706] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.706] lstrlenW (lpString="XML") returned 3
[0151.706] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.706] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|?|") returned 3
[0151.706] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.706] lstrlenW (lpString="|?|") returned 3
[0151.706] lstrlenW (lpString="|XML|") returned 5
[0151.706] SetLastError (dwErrCode=0x490)
[0151.706] lstrlenW (lpString="s") returned 1
[0151.706] lstrlenW (lpString="s") returned 1
[0151.707] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.707] lstrlenW (lpString="XML") returned 3
[0151.707] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.707] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|s|") returned 3
[0151.707] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.707] lstrlenW (lpString="|s|") returned 3
[0151.707] lstrlenW (lpString="|XML|") returned 5
[0151.707] SetLastError (dwErrCode=0x490)
[0151.707] lstrlenW (lpString="u") returned 1
[0151.707] lstrlenW (lpString="u") returned 1
[0151.707] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.707] lstrlenW (lpString="XML") returned 3
[0151.707] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.707] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|u|") returned 3
[0151.707] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.707] lstrlenW (lpString="|u|") returned 3
[0151.707] lstrlenW (lpString="|XML|") returned 5
[0151.707] SetLastError (dwErrCode=0x490)
[0151.707] lstrlenW (lpString="p") returned 1
[0151.707] lstrlenW (lpString="p") returned 1
[0151.707] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.707] lstrlenW (lpString="XML") returned 3
[0151.707] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.708] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|p|") returned 3
[0151.708] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.708] lstrlenW (lpString="|p|") returned 3
[0151.708] lstrlenW (lpString="|XML|") returned 5
[0151.708] SetLastError (dwErrCode=0x490)
[0151.708] lstrlenW (lpString="ru") returned 2
[0151.708] lstrlenW (lpString="ru") returned 2
[0151.708] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.708] lstrlenW (lpString="XML") returned 3
[0151.708] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.708] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|ru|") returned 4
[0151.708] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.708] lstrlenW (lpString="|ru|") returned 4
[0151.708] lstrlenW (lpString="|XML|") returned 5
[0151.708] SetLastError (dwErrCode=0x490)
[0151.708] lstrlenW (lpString="rp") returned 2
[0151.708] lstrlenW (lpString="rp") returned 2
[0151.708] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.708] lstrlenW (lpString="XML") returned 3
[0151.708] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.708] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|rp|") returned 4
[0151.708] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.708] lstrlenW (lpString="|rp|") returned 4
[0151.708] lstrlenW (lpString="|XML|") returned 5
[0151.708] SetLastError (dwErrCode=0x490)
[0151.709] lstrlenW (lpString="sc") returned 2
[0151.709] lstrlenW (lpString="sc") returned 2
[0151.709] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.709] lstrlenW (lpString="XML") returned 3
[0151.709] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.709] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|sc|") returned 4
[0151.709] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.709] lstrlenW (lpString="|sc|") returned 4
[0151.709] lstrlenW (lpString="|XML|") returned 5
[0151.709] SetLastError (dwErrCode=0x490)
[0151.709] lstrlenW (lpString="mo") returned 2
[0151.709] lstrlenW (lpString="mo") returned 2
[0151.709] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.709] lstrlenW (lpString="XML") returned 3
[0151.709] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.709] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|mo|") returned 4
[0151.709] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.709] lstrlenW (lpString="|mo|") returned 4
[0151.709] lstrlenW (lpString="|XML|") returned 5
[0151.709] SetLastError (dwErrCode=0x490)
[0151.709] lstrlenW (lpString="d") returned 1
[0151.709] lstrlenW (lpString="d") returned 1
[0151.709] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.710] lstrlenW (lpString="XML") returned 3
[0151.710] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.710] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|d|") returned 3
[0151.710] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.710] lstrlenW (lpString="|d|") returned 3
[0151.710] lstrlenW (lpString="|XML|") returned 5
[0151.710] SetLastError (dwErrCode=0x490)
[0151.710] lstrlenW (lpString="m") returned 1
[0151.710] lstrlenW (lpString="m") returned 1
[0151.710] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.710] lstrlenW (lpString="XML") returned 3
[0151.710] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.710] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|m|") returned 3
[0151.710] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.710] lstrlenW (lpString="|m|") returned 3
[0151.710] lstrlenW (lpString="|XML|") returned 5
[0151.710] SetLastError (dwErrCode=0x490)
[0151.710] lstrlenW (lpString="i") returned 1
[0151.710] lstrlenW (lpString="i") returned 1
[0151.710] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.710] lstrlenW (lpString="XML") returned 3
[0151.710] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.711] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|i|") returned 3
[0151.711] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.711] lstrlenW (lpString="|i|") returned 3
[0151.711] lstrlenW (lpString="|XML|") returned 5
[0151.711] SetLastError (dwErrCode=0x490)
[0151.711] lstrlenW (lpString="tn") returned 2
[0151.711] lstrlenW (lpString="tn") returned 2
[0151.711] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.711] lstrlenW (lpString="XML") returned 3
[0151.711] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.711] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|tn|") returned 4
[0151.711] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.711] lstrlenW (lpString="|tn|") returned 4
[0151.711] lstrlenW (lpString="|XML|") returned 5
[0151.711] SetLastError (dwErrCode=0x490)
[0151.711] lstrlenW (lpString="tr") returned 2
[0151.711] lstrlenW (lpString="tr") returned 2
[0151.711] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.711] lstrlenW (lpString="XML") returned 3
[0151.711] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.711] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|tr|") returned 4
[0151.711] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.711] lstrlenW (lpString="|tr|") returned 4
[0151.712] lstrlenW (lpString="|XML|") returned 5
[0151.712] SetLastError (dwErrCode=0x490)
[0151.712] lstrlenW (lpString="st") returned 2
[0151.712] lstrlenW (lpString="st") returned 2
[0151.712] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.712] lstrlenW (lpString="XML") returned 3
[0151.712] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.712] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|st|") returned 4
[0151.712] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.712] lstrlenW (lpString="|st|") returned 4
[0151.712] lstrlenW (lpString="|XML|") returned 5
[0151.712] SetLastError (dwErrCode=0x490)
[0151.712] lstrlenW (lpString="sd") returned 2
[0151.712] lstrlenW (lpString="sd") returned 2
[0151.712] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.712] lstrlenW (lpString="XML") returned 3
[0151.712] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.712] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|sd|") returned 4
[0151.712] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.712] lstrlenW (lpString="|sd|") returned 4
[0151.712] lstrlenW (lpString="|XML|") returned 5
[0151.712] SetLastError (dwErrCode=0x490)
[0151.712] lstrlenW (lpString="ed") returned 2
[0151.712] lstrlenW (lpString="ed") returned 2
[0151.712] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.713] lstrlenW (lpString="XML") returned 3
[0151.713] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.713] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|ed|") returned 4
[0151.713] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.713] lstrlenW (lpString="|ed|") returned 4
[0151.713] lstrlenW (lpString="|XML|") returned 5
[0151.713] SetLastError (dwErrCode=0x490)
[0151.713] lstrlenW (lpString="it") returned 2
[0151.713] lstrlenW (lpString="it") returned 2
[0151.713] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.713] lstrlenW (lpString="XML") returned 3
[0151.713] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.713] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|it|") returned 4
[0151.713] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.713] lstrlenW (lpString="|it|") returned 4
[0151.713] lstrlenW (lpString="|XML|") returned 5
[0151.713] SetLastError (dwErrCode=0x490)
[0151.713] lstrlenW (lpString="et") returned 2
[0151.713] lstrlenW (lpString="et") returned 2
[0151.713] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.713] lstrlenW (lpString="XML") returned 3
[0151.713] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.714] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|et|") returned 4
[0151.714] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.714] lstrlenW (lpString="|et|") returned 4
[0151.714] lstrlenW (lpString="|XML|") returned 5
[0151.714] SetLastError (dwErrCode=0x490)
[0151.714] lstrlenW (lpString="k") returned 1
[0151.714] lstrlenW (lpString="k") returned 1
[0151.714] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.714] lstrlenW (lpString="XML") returned 3
[0151.714] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.714] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|k|") returned 3
[0151.714] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.714] lstrlenW (lpString="|k|") returned 3
[0151.714] lstrlenW (lpString="|XML|") returned 5
[0151.714] SetLastError (dwErrCode=0x490)
[0151.714] lstrlenW (lpString="du") returned 2
[0151.714] lstrlenW (lpString="du") returned 2
[0151.714] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.714] lstrlenW (lpString="XML") returned 3
[0151.714] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.714] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|du|") returned 4
[0151.714] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.714] lstrlenW (lpString="|du|") returned 4
[0151.714] lstrlenW (lpString="|XML|") returned 5
[0151.715] SetLastError (dwErrCode=0x490)
[0151.715] lstrlenW (lpString="ri") returned 2
[0151.715] lstrlenW (lpString="ri") returned 2
[0151.715] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.715] lstrlenW (lpString="XML") returned 3
[0151.715] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.715] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|ri|") returned 4
[0151.715] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.715] lstrlenW (lpString="|ri|") returned 4
[0151.715] lstrlenW (lpString="|XML|") returned 5
[0151.715] SetLastError (dwErrCode=0x490)
[0151.715] lstrlenW (lpString="z") returned 1
[0151.715] lstrlenW (lpString="z") returned 1
[0151.715] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.715] lstrlenW (lpString="XML") returned 3
[0151.715] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.715] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|z|") returned 3
[0151.715] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.715] lstrlenW (lpString="|z|") returned 3
[0151.715] lstrlenW (lpString="|XML|") returned 5
[0151.715] SetLastError (dwErrCode=0x490)
[0151.715] lstrlenW (lpString="f") returned 1
[0151.715] lstrlenW (lpString="f") returned 1
[0151.715] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] lstrlenW (lpString="XML") returned 3
[0151.716] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x4, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|f|") returned 3
[0151.716] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.716] lstrlenW (lpString="|f|") returned 3
[0151.716] lstrlenW (lpString="|XML|") returned 5
[0151.716] SetLastError (dwErrCode=0x490)
[0151.716] lstrlenW (lpString="v1") returned 2
[0151.716] lstrlenW (lpString="v1") returned 2
[0151.716] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] lstrlenW (lpString="XML") returned 3
[0151.716] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x5, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|v1|") returned 4
[0151.716] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.716] lstrlenW (lpString="|v1|") returned 4
[0151.716] lstrlenW (lpString="|XML|") returned 5
[0151.716] SetLastError (dwErrCode=0x490)
[0151.716] lstrlenW (lpString="xml") returned 3
[0151.716] lstrlenW (lpString="xml") returned 3
[0151.716] _memicmp (_Buf1=0x354cd8, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] lstrlenW (lpString="XML") returned 3
[0151.716] _memicmp (_Buf1=0x354d08, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.716] _vsnwprintf (in: _Buffer=0x355378, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|xml|") returned 5
[0151.717] _vsnwprintf (in: _Buffer=0x355338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x32cc78 | out: _Buffer="|XML|") returned 5
[0151.717] lstrlenW (lpString="|xml|") returned 5
[0151.717] lstrlenW (lpString="|XML|") returned 5
# Analyst note: the "XML" switch matches the "xml" entry, and its value is a .tmp file in the
# user's Temp directory. The task definition is therefore supplied as a file rather than through
# individual trigger/action switches, so the command line alone does not show what the task runs.
[0151.717] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.717] lstrlenW (lpString="-/") returned 2
# 0x43 is 'C', the first character of the path; it is not a switch prefix.
[0151.717] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0151.717] SetLastError (dwErrCode=0x490)
[0151.717] SetLastError (dwErrCode=0x490)
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
# 0x3a is ':'; this time the search succeeds (the drive-letter colon), unlike for the task name.
# NOTE(review): the single-character string "C" handled below is presumably the text before the colon; confirm.
[0151.717] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp"
[0151.717] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.717] _memicmp (_Buf1=0x354d20, _Buf2=0x141ed8, _Size=0x7) returned 0
[0151.717] _memicmp (_Buf1=0x354d50, _Buf2=0x141ed8, _Size=0x7) returned 0
# 0x7a is ERROR_INSUFFICIENT_BUFFER; it is cleared on the next call and the parse continues.
[0151.717] SetLastError (dwErrCode=0x7a)
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] lstrlenW (lpString="C") returned 1
[0151.717] SetLastError (dwErrCode=0x490)
[0151.717] SetLastError (dwErrCode=0x0)
[0151.717] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.718] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.718] GetProcessHeap () returned 0x340000
[0151.718] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x64) returned 0x356a48
[0151.718] SetLastError (dwErrCode=0x0)
[0151.718] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0151.718] SetLastError (dwErrCode=0x0)
[0151.718] GetProcessHeap () returned 0x340000
[0151.718] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x1fc) returned 0x356ab8
# Analyst note: this run registers a scheduled task through the Task Scheduler COM API; every call
# below returns 0x0 (success). The logged CLSID {0F87369F-A4E5-4CFC-BD3E-73E6154572DD} and IID
# {2FABA4C7-4DA9-4013-9697-20CC3FD40F85} are the Task Scheduler service class and ITaskService.
[0151.718] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0151.820] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0152.112] CoCreateInstance (in: rclsid=0x14230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x1420fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x32d0a8 | out: ppv=0x32d0a8*=0xb3e30) returned 0x0
# user, domain and password are passed with varType=0x0 (VT_EMPTY), i.e. no explicit credentials.
# NOTE(review): serverName is a BSTR variant whose value is logged as 0x0, presumably the local machine; confirm.
[0152.438] TaskScheduler:ITaskService:Connect (This=0xb3e30, serverName=0x32d018*(varType=0x8, wReserved1=0x0, wReserved2=0xd08c, wReserved3=0x32, varVal1=0x0, varVal2=0x32d960), user=0x32d028*(varType=0x0, wReserved1=0x32, wReserved2=0xd0b0, wReserved3=0x32, varVal1=0x752c9cde, varVal2=0x32d960), domain=0x32d038*(varType=0x0, wReserved1=0x0, wReserved2=0x1f4, wReserved3=0x0, varVal1=0x6, varVal2=0x0), password=0x32d048*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x752c, varVal1=0x74, varVal2=0x32dae0)) returned 0x0
[0152.626] TaskScheduler:IUnknown:AddRef (This=0xb3e30) returned 0x2
# NOTE(review): Path is logged as 0x0 here; presumably the root task folder is requested, confirm.
[0152.626] TaskScheduler:ITaskService:GetFolder (in: This=0xb3e30, Path=0x0, ppFolder=0x32d14c | out: ppFolder=0x32d14c*=0xb3e98) returned 0x0
# The XML file is opened read-only (0x80000000 = GENERIC_READ, disposition 0x3 = OPEN_EXISTING).
# It is 1596 bytes: two bytes are read first (presumably an encoding/BOM probe, confirm), the
# pointer is rewound, and the whole file (0x63c bytes) is read and converted to wide characters.
[0152.628] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp9370.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x10c
[0152.628] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0x32ca3c | out: lpFileSize=0x32ca3c*=1596) returned 1
[0152.629] ReadFile (in: hFile=0x10c, lpBuffer=0x32ca44, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x32ca4c, lpOverlapped=0x0 | out: lpBuffer=0x32ca44*, lpNumberOfBytesRead=0x32ca4c*=0x2, lpOverlapped=0x0) returned 1
[0152.630] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0152.630] malloc (_Size=0x63d) returned 0xb26e0
[0152.630] ReadFile (in: hFile=0x10c, lpBuffer=0xb26e0, nNumberOfBytesToRead=0x63d, lpNumberOfBytesRead=0x32ca4c, lpOverlapped=0x0 | out: lpBuffer=0xb26e0*, lpNumberOfBytesRead=0x32ca4c*=0x63c, lpOverlapped=0x0) returned 1
[0152.630] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb26e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1597
# NOTE(review): the task XML's markup appears to have been lost in this rendering of the log; only
# element text survives, so which element each value belongs to cannot be read from here.
# What is visible: the analysis user's account name, the values InteractiveToken and LeastPrivilege,
# and one executable path, C:\Users\kEecfMwgj\AppData\Roaming\zwLLFjVv.exe, whose base name equals
# the task's leaf name. The date 2014-10-25 is years older than the log's creation date, which
# suggests a fixed template string rather than a generated timestamp (assumption, not shown here).
[0152.631] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb26e0, cbMultiByte=-1, lpWideCharStr=0x364ecc, cchWideChar=1597 | out: lpWideCharStr="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\n \n \n") returned 1597
[0152.631] SysStringLen (param_1="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\n \n \n") returned 0x63c
[0152.631] VarBstrCat (in: bstrLeft=0x0, bstrRight="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\n \n \n", pbstrResult=0x32c9ec | out: pbstrResult=0x32c9ec) returned 0x0
[0152.632] free (_Block=0xb26e0)
[0152.632] CloseHandle (hObject=0x10c) returned 1
[0152.632] lstrlenW (lpString="") returned 0
[0152.632] malloc (_Size=0xc) returned 0xb3ef0
[0152.632] SysStringLen (param_1="") returned 0x0
[0152.632] free (_Block=0xb3ef0)
[0152.632] lstrlenW (lpString="") returned 0
# Persistence point: the task "Updates\zwLLFjVv" is registered with flags=2 (TASK_CREATE), an empty
# UserId string and LogonType=0, and the call succeeds. This is scheduled-task persistence
# (MITRE ATT&CK T1053.005) whose action points into a user-writable AppData\Roaming path.
# For detection, correlate with task-creation telemetry (Security event 4698, TaskScheduler/Operational
# event 106) and flag task actions that run binaries from user profile directories.
[0152.635] ITaskFolder:RegisterTask (in: This=0xb3e98, Path="Updates\\zwLLFjVv", XmlText="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe\n \n \n", flags=2, UserId=0x32ca28*(varType=0x8, wReserved1=0x0, wReserved2=0x4200, wReserved3=0x36, varVal1="", varVal2=0x364200), password=0x32ca38*(varType=0x0, wReserved1=0x36, wReserved2=0x0, wReserved3=0x0, varVal1=0x32cac0, varVal2=0x76467526), LogonType=0, sddl=0x32ca4c*(varType=0x0, wReserved1=0x36, wReserved2=0x4200, wReserved3=0x36, varVal1=0x0, varVal2=0x0), ppTask=0x32caac | out: ppTask=0x32caac*=0xb3f20) returned 0x0
# Analyst note: after the registration call the process loads its own success message (string
# resource 0x12e), formats it with the task name and writes it to the console. The text confirms
# that the task "Updates\zwLLFjVv" was created.
[0153.488] GetProcessHeap () returned 0x340000
[0153.488] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x14) returned 0x355778
[0153.488] _memicmp (_Buf1=0x354cc0, _Buf2=0x141ed8, _Size=0x7) returned 0
[0153.488] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x356758, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0153.488] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0153.489] GetProcessHeap () returned 0x340000
[0153.489] RtlAllocateHeap (HeapHandle=0x340000, Flags=0xc, Size=0x82) returned 0x3647c0
[0153.489] _vsnwprintf (in: _Buffer=0x32cab8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x32ca5c | out: _Buffer="SUCCESS: The scheduled task \"Updates\\zwLLFjVv\" has successfully been created.\n") returned 78
# Standard output (file descriptor 1) resolves to handle 0x7 with file type 0x2 (character device),
# and GetConsoleMode succeeds on it, so the message goes out through WriteConsoleW below.
[0153.489] _fileno (_File=0x75362920) returned 1
[0153.489] _errno () returned 0xb07d8
[0153.489] _get_osfhandle (_FileHandle=1) returned 0x7
[0153.489] _errno () returned 0xb07d8
[0153.489] GetFileType (hFile=0x7) returned 0x2
[0153.490] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0153.490] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ca20 | out: lpMode=0x32ca20) returned 1
[0153.490] __iob_func () returned 0x75362900
[0153.490] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0153.490] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\zwLLFjVv\" has successfully been created.\n") returned 78
# All 0x4e (78) characters are written.
[0153.491] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x32cab8*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0x32ca48, lpReserved=0x0 | out: lpBuffer=0x32cab8*, lpNumberOfCharsWritten=0x32ca48*=0x4e) returned 1
# The registered-task, folder and service interface pointers are released; the service object
# still holds one reference after the last call (returned 0x1).
[0153.492] IUnknown:Release (This=0xb3f20) returned 0x0
[0153.493] TaskScheduler:IUnknown:Release (This=0xb3e98) returned 0x0
[0153.493] TaskScheduler:IUnknown:Release (This=0xb3e30) returned 0x1
[0153.493] lstrlenW (lpString="") returned 0
[0153.493] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp") returned 49
[0153.493] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp9370.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
[0153.493] GetProcessHeap () returned 0x340000
[0153.493] GetProcessHeap () returned 0x340000
[0153.493] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356ab8) returned 1
[0153.493] GetProcessHeap () returned 0x340000
[0153.493] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356ab8) returned 0x1fc
[0153.494] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356ab8 | out: hHeap=0x340000) returned 1
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356a48) returned 1
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356a48) returned 0x64
[0153.494] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356a48 | out: hHeap=0x340000) returned 1
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3553b8) returned 1
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3553b8) returned 0x16
[0153.494] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3553b8 | out: hHeap=0x340000) returned 1
[0153.494] GetProcessHeap () returned 0x340000
[0153.494] GetProcessHeap () returned 0x340000
[0153.495] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x34f098) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x34f098) returned 0x10
[0153.495] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x34f098 | out: hHeap=0x340000) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3553d8) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3553d8) returned 0x14
[0153.495] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3553d8 | out: hHeap=0x340000) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3566b0) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3566b0) returned 0xa0
[0153.495] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3566b0 | out: hHeap=0x340000) returned 1
[0153.495] GetProcessHeap () returned 0x340000
[0153.495] GetProcessHeap () returned 0x340000
[0153.496] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354ca8) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354ca8) returned 0x10
[0153.496] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354ca8 | out: hHeap=0x340000) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3552b8) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3552b8) returned 0x14
[0153.496] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3552b8 | out: hHeap=0x340000) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3569d8) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.496] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3569d8) returned 0x68
[0153.496] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3569d8 | out: hHeap=0x340000) returned 1
[0153.496] GetProcessHeap () returned 0x340000
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354d50) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354d50) returned 0x10
[0153.497] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354d50 | out: hHeap=0x340000) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355278) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355278) returned 0x14
[0153.497] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355278 | out: hHeap=0x340000) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354d38) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354d38) returned 0xc
[0153.497] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354d38 | out: hHeap=0x340000) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354d20) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354d20) returned 0x10
[0153.497] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354d20 | out: hHeap=0x340000) returned 1
[0153.497] GetProcessHeap () returned 0x340000
[0153.497] GetProcessHeap () returned 0x340000
[0153.498] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355258) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355258) returned 0x14
[0153.498] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355258 | out: hHeap=0x340000) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355ac0) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355ac0) returned 0x208
[0153.498] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355ac0 | out: hHeap=0x340000) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354c48) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354c48) returned 0x10
[0153.498] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354c48 | out: hHeap=0x340000) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] GetProcessHeap () returned 0x340000
[0153.498] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355218) returned 1
[0153.498] GetProcessHeap () returned 0x340000
[0153.499] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355218) returned 0x14
[0153.499] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355218 | out: hHeap=0x340000) returned 1
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356758) returned 1
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356758) returned 0x200
[0153.499] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356758 | out: hHeap=0x340000) returned 1
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354cc0) returned 1
[0153.499] GetProcessHeap () returned 0x340000
[0153.499] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354cc0) returned 0x10
[0153.500] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354cc0 | out: hHeap=0x340000) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3551b8) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3551b8) returned 0x14
[0153.500] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3551b8 | out: hHeap=0x340000) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355338) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355338) returned 0x14
[0153.500] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355338 | out: hHeap=0x340000) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354d08) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354d08) returned 0x10
[0153.500] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354d08 | out: hHeap=0x340000) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355120) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355120) returned 0x14
[0153.500] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355120 | out: hHeap=0x340000) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] GetProcessHeap () returned 0x340000
[0153.500] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355378) returned 1
[0153.500] GetProcessHeap () returned 0x340000
[0153.501] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355378) returned 0x16
[0153.501] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355378 | out: hHeap=0x340000) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354cd8) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354cd8) returned 0x10
[0153.501] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354cd8 | out: hHeap=0x340000) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355100) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355100) returned 0x14
[0153.501] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355100 | out: hHeap=0x340000) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354fd0) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354fd0) returned 0x2
[0153.501] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354fd0 | out: hHeap=0x340000) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354fe0) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354fe0) returned 0x14
[0153.501] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354fe0 | out: hHeap=0x340000) returned 1
[0153.501] GetProcessHeap () returned 0x340000
[0153.501] GetProcessHeap () returned 0x340000
[0153.502] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355000) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355000) returned 0x14
[0153.502] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355000 | out: hHeap=0x340000) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355020) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355020) returned 0x14
[0153.502] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355020 | out: hHeap=0x340000) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355040) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355040) returned 0x14
[0153.502] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355040 | out: hHeap=0x340000) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3552d8) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3552d8) returned 0x14
[0153.502] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3552d8 | out: hHeap=0x340000) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3552f8) returned 1
[0153.502] GetProcessHeap () returned 0x340000
[0153.502] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3552f8) returned 0x14
[0153.503] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3552f8 | out: hHeap=0x340000) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356960) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356960) returned 0x30
[0153.503] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356960 | out: hHeap=0x340000) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355318) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355318) returned 0x14
[0153.503] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355318 | out: hHeap=0x340000) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x356998) returned 1
[0153.503] GetProcessHeap () returned 0x340000
[0153.503] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x356998) returned 0x30
[0153.504] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x356998 | out: hHeap=0x340000) returned 1
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355398) returned 1
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355398) returned 0x14
[0153.504] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355398 | out: hHeap=0x340000) returned 1
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3647c0) returned 1
[0153.504] GetProcessHeap () returned 0x340000
[0153.504] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3647c0) returned 0x82
[0153.505] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3647c0 | out: hHeap=0x340000) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355778) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355778) returned 0x14
[0153.505] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355778 | out: hHeap=0x340000) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354c00) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354c00) returned 0x10
[0153.505] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354c00 | out: hHeap=0x340000) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355060) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355060) returned 0x14
[0153.505] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355060 | out: hHeap=0x340000) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355080) returned 1
[0153.505] GetProcessHeap () returned 0x340000
[0153.505] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355080) returned 0x14
[0153.506] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355080 | out: hHeap=0x340000) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3550a0) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3550a0) returned 0x14
[0153.506] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3550a0 | out: hHeap=0x340000) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3550c0) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3550c0) returned 0x14
[0153.506] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3550c0 | out: hHeap=0x340000) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354c18) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354c18) returned 0x10
[0153.506] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354c18 | out: hHeap=0x340000) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3550e0) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3550e0) returned 0x14
[0153.506] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3550e0 | out: hHeap=0x340000) returned 1
[0153.506] GetProcessHeap () returned 0x340000
[0153.506] GetProcessHeap () returned 0x340000
[0153.507] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355158) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355158) returned 0x14
[0153.507] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355158 | out: hHeap=0x340000) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355198) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355198) returned 0x14
[0153.507] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355198 | out: hHeap=0x340000) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3551d8) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3551d8) returned 0x14
[0153.507] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3551d8 | out: hHeap=0x340000) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x3551f8) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x3551f8) returned 0x14
[0153.507] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x3551f8 | out: hHeap=0x340000) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355298) returned 1
[0153.507] GetProcessHeap () returned 0x340000
[0153.507] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355298) returned 0x14
[0153.508] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355298 | out: hHeap=0x340000) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354c30) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354c30) returned 0x10
[0153.508] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354c30 | out: hHeap=0x340000) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x355178) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x355178) returned 0x14
[0153.508] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x355178 | out: hHeap=0x340000) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] HeapValidate (hHeap=0x340000, dwFlags=0x0, lpMem=0x354be8) returned 1
[0153.508] GetProcessHeap () returned 0x340000
[0153.508] RtlSizeHeap (HeapHandle=0x340000, Flags=0x0, MemoryPointer=0x354be8) returned 0x10
[0153.509] HeapFree (in: hHeap=0x340000, dwFlags=0x0, lpMem=0x354be8 | out: hHeap=0x340000) returned 1
[0153.509] exit (_Code=0)
Thread:
id = 18
os_tid = 0x888
Process:
id = "5"
image_name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
page_root = "0x3c44b000"
os_pid = "0x8b8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x9d0"
cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2de" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1796
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1797
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1798
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1799
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1800
start_va = 0xe0000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1801
start_va = 0x1b0000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1802
start_va = 0x2c0000
end_va = 0x37ffff
monitored = 1
entry_point = 0x37990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 1803
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1804
start_va = 0x77150000
end_va = 0x772cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1805
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1806
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1807
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1808
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1809
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1810
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1811
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1812
start_va = 0x400000
end_va = 0x439fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1813
start_va = 0x440000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1814
start_va = 0x74a40000
end_va = 0x74a7efff
monitored = 0
entry_point = 0x74a6e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1815
start_va = 0x749e0000
end_va = 0x74a3bfff
monitored = 0
entry_point = 0x74a1f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1816
start_va = 0x749d0000
end_va = 0x749d7fff
monitored = 0
entry_point = 0x749d20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1817
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1818
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1819
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1820
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076e50000"
filename = ""
Region:
id = 1821
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1822
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076d50000"
filename = ""
Region:
id = 1823
start_va = 0x680000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1824
start_va = 0x74b40000
end_va = 0x74b89fff
monitored = 1
entry_point = 0x74b42e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1825
start_va = 0x75620000
end_va = 0x7572ffff
monitored = 0
entry_point = 0x75633283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1826
start_va = 0x74dc0000
end_va = 0x74e06fff
monitored = 0
entry_point = 0x74dc74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1827
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1828
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1829
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1830
start_va = 0x60000
end_va = 0xc6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1831
start_va = 0x940000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1832
start_va = 0x120000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 1834
start_va = 0x767e0000
end_va = 0x7687ffff
monitored = 0
entry_point = 0x767f49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1835
start_va = 0x752c0000
end_va = 0x7536bfff
monitored = 0
entry_point = 0x752ca472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1836
start_va = 0x74e10000
end_va = 0x74e28fff
monitored = 0
entry_point = 0x74e14975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1837
start_va = 0x76450000
end_va = 0x7653ffff
monitored = 0
entry_point = 0x76460569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1838
start_va = 0x74ca0000
end_va = 0x74cfffff
monitored = 0
entry_point = 0x74cba3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1839
start_va = 0x74c90000
end_va = 0x74c9bfff
monitored = 0
entry_point = 0x74c910e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1840
start_va = 0x940000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1841
start_va = 0xb20000
end_va = 0xb2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 1842
start_va = 0x74ab0000
end_va = 0x74b3cfff
monitored = 1
entry_point = 0x74ac2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1843
start_va = 0x72d00000
end_va = 0x72d02fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1848
start_va = 0x76540000
end_va = 0x76596fff
monitored = 0
entry_point = 0x76559ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1849
start_va = 0x76ae0000
end_va = 0x76b6ffff
monitored = 0
entry_point = 0x76af6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1850
start_va = 0x74f70000
end_va = 0x7506ffff
monitored = 0
entry_point = 0x74f8b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1851
start_va = 0x77120000
end_va = 0x77129fff
monitored = 0
entry_point = 0x771236a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1852
start_va = 0x76740000
end_va = 0x767dcfff
monitored = 0
entry_point = 0x76773fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1853
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1854
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1855
start_va = 0x600000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1856
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1857
start_va = 0x769f0000
end_va = 0x76a4ffff
monitored = 0
entry_point = 0x76a0158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1858
start_va = 0x76380000
end_va = 0x7644bfff
monitored = 0
entry_point = 0x7638168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1859
start_va = 0x680000
end_va = 0x800fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 1860
start_va = 0x840000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 1861
start_va = 0xb30000
end_va = 0x1f2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b30000"
filename = ""
Region:
id = 1862
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1863
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1864
start_va = 0x940000
end_va = 0x9fafff
monitored = 1
entry_point = 0x9f990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 1865
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1866
start_va = 0x940000
end_va = 0x9fafff
monitored = 1
entry_point = 0x9f990e
region_type = mapped_file
name = "89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")
Region:
id = 1867
start_va = 0x73ca0000
end_va = 0x73ca8fff
monitored = 0
entry_point = 0x73ca1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1868
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1869
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1870
start_va = 0x71ca0000
end_va = 0x7244efff
monitored = 1
entry_point = 0x71cbd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1871
start_va = 0x74a90000
end_va = 0x74aa3fff
monitored = 0
entry_point = 0x74a9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 1872
start_va = 0x71bf0000
end_va = 0x71c9afff
monitored = 0
entry_point = 0x71c85f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 1873
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1874
start_va = 0x120000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 1875
start_va = 0x140000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 1876
start_va = 0x130000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 1877
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1878
start_va = 0x190000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 1879
start_va = 0x1a0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 1880
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1881
start_va = 0x380000
end_va = 0x380fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 1882
start_va = 0x390000
end_va = 0x390fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1883
start_va = 0x940000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1884
start_va = 0x1f30000
end_va = 0x20cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f30000"
filename = ""
Region:
id = 1885
start_va = 0x9c0000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 1886
start_va = 0x1f30000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f30000"
filename = ""
Region:
id = 1887
start_va = 0x2090000
end_va = 0x20cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 1888
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1892
start_va = 0x3a0000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 1893
start_va = 0x20d0000
end_va = 0x40cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020d0000"
filename = ""
Region:
id = 1894
start_va = 0x1f70000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 1895
start_va = 0x41d0000
end_va = 0x420ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000041d0000"
filename = ""
Region:
id = 1896
start_va = 0x43b0000
end_va = 0x44affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043b0000"
filename = ""
Region:
id = 1897
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1898
start_va = 0x4170000
end_va = 0x41affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004170000"
filename = ""
Region:
id = 1899
start_va = 0x44d0000
end_va = 0x45cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044d0000"
filename = ""
Region:
id = 1900
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1917
start_va = 0x45d0000
end_va = 0x489efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1918
start_va = 0x6fe30000
end_va = 0x7123afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 1919
start_va = 0x75370000
end_va = 0x754cbfff
monitored = 0
entry_point = 0x753bba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1920
start_va = 0x73bb0000
end_va = 0x73c2ffff
monitored = 0
entry_point = 0x73bc37c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1921
start_va = 0x48a0000
end_va = 0x4a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048a0000"
filename = ""
Region:
id = 1922
start_va = 0x4210000
end_va = 0x42eefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004210000"
filename = ""
Region:
id = 1923
start_va = 0x3a0000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 1924
start_va = 0x3b0000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 1925
start_va = 0x71be0000
end_va = 0x71be2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 1926
start_va = 0x71b50000
end_va = 0x71bd8fff
monitored = 1
entry_point = 0x71b51130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 1927
start_va = 0x76a50000
end_va = 0x76adefff
monitored = 0
entry_point = 0x76a53fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1928
start_va = 0x3c0000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003c0000"
filename = ""
Region:
id = 1929
start_va = 0x6f3d0000
end_va = 0x6fe24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 1930
start_va = 0x719a0000
end_va = 0x71b42fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 1931
start_va = 0x6ced0000
end_va = 0x6dd35fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 1932
start_va = 0x71980000
end_va = 0x71992fff
monitored = 1
entry_point = 0x7198d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 1933
start_va = 0x4aa0000
end_va = 0x4d71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 1934
start_va = 0x6dd40000
end_va = 0x6e557fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 1935
start_va = 0x71870000
end_va = 0x71974fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 1936
start_va = 0x6ec50000
end_va = 0x6f3c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 1937
start_va = 0x75730000
end_va = 0x76379fff
monitored = 0
entry_point = 0x757b1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1938
start_va = 0x3d0000
end_va = 0x3d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 1939
start_va = 0x73d60000
end_va = 0x73d6afff
monitored = 0
entry_point = 0x73d61992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1940
start_va = 0x48a0000
end_va = 0x49affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048a0000"
filename = ""
Region:
id = 1941
start_va = 0x4a60000
end_va = 0x4a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 1942
start_va = 0x71850000
end_va = 0x71866fff
monitored = 0
entry_point = 0x718535fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1943
start_va = 0x73a70000
end_va = 0x73a86fff
monitored = 0
entry_point = 0x73a73573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1944
start_va = 0xac0000
end_va = 0xafbfff
monitored = 0
entry_point = 0xac128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1945
start_va = 0xac0000
end_va = 0xafbfff
monitored = 0
entry_point = 0xac128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1946
start_va = 0xac0000
end_va = 0xafbfff
monitored = 0
entry_point = 0xac128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1947
start_va = 0xac0000
end_va = 0xafbfff
monitored = 0
entry_point = 0xac128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1948
start_va = 0xac0000
end_va = 0xafbfff
monitored = 0
entry_point = 0xac128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1949
start_va = 0x73a30000
end_va = 0x73a6afff
monitored = 0
entry_point = 0x73a3128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1950
start_va = 0x754e0000
end_va = 0x754e4fff
monitored = 0
entry_point = 0x754e1438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1951
start_va = 0x71660000
end_va = 0x71841fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 1952
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1953
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1954
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1955
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1956
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1957
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1958
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1959
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1960
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1961
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1962
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1963
start_va = 0x48d0000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048d0000"
filename = ""
Region:
id = 1964
start_va = 0x4970000
end_va = 0x49affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004970000"
filename = ""
Region:
id = 1965
start_va = 0x4f30000
end_va = 0x502ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1966
start_va = 0x73ba0000
end_va = 0x73badfff
monitored = 0
entry_point = 0x73ba1235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 1967
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 1968
start_va = 0x3e0000
end_va = 0x3e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 1969
start_va = 0x40e0000
end_va = 0x411ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040e0000"
filename = ""
Region:
id = 1970
start_va = 0x4330000
end_va = 0x436ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004330000"
filename = ""
Region:
id = 1971
start_va = 0x4e10000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 1972
start_va = 0x50e0000
end_va = 0x51dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050e0000"
filename = ""
Region:
id = 1973
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1974
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1975
start_va = 0x76880000
end_va = 0x76902fff
monitored = 0
entry_point = 0x768823d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1976
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1977
start_va = 0x71620000
end_va = 0x71650fff
monitored = 1
entry_point = 0x716212d7
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll")
Region:
id = 1978
start_va = 0x715c0000
end_va = 0x7161bfff
monitored = 0
entry_point = 0x715e2b48
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 1979
start_va = 0x76920000
end_va = 0x76954fff
monitored = 0
entry_point = 0x7692145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1980
start_va = 0x754d0000
end_va = 0x754d5fff
monitored = 0
entry_point = 0x754d1782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1981
start_va = 0x51e0000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051e0000"
filename = ""
Region:
id = 1982
start_va = 0x74a80000
end_va = 0x74a8afff
monitored = 0
entry_point = 0x74a852a0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 1983
start_va = 0x71550000
end_va = 0x715b0fff
monitored = 0
entry_point = 0x7158bf40
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll")
Region:
id = 1986
start_va = 0x71530000
end_va = 0x71549fff
monitored = 0
entry_point = 0x715403d0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll")
Region:
id = 2328
start_va = 0x71520000
end_va = 0x7152efff
monitored = 0
entry_point = 0x715293d0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 2329
start_va = 0x71470000
end_va = 0x71515fff
monitored = 0
entry_point = 0x714da2f0
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 2345
start_va = 0x71450000
end_va = 0x71467fff
monitored = 0
entry_point = 0x71451335
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll")
Region:
id = 2346
start_va = 0x5300000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005300000"
filename = ""
Region:
id = 2351
start_va = 0x725b0000
end_va = 0x7260efff
monitored = 0
entry_point = 0x725b2134
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 2352
start_va = 0x5d0000
end_va = 0x5defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb")
Region:
id = 2362
start_va = 0x51e0000
end_va = 0x529ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 2363
start_va = 0x52c0000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052c0000"
filename = ""
Region:
id = 2476
start_va = 0x71410000
end_va = 0x71444fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "custommarshalers.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll")
Region:
id = 2481
start_va = 0x713f0000
end_va = 0x71407fff
monitored = 1
entry_point = 0x713f58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 2501
start_va = 0x5e0000
end_va = 0x5f8fff
monitored = 1
entry_point = 0x5e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 2502
start_va = 0x5e0000
end_va = 0x5f8fff
monitored = 1
entry_point = 0x5e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 2503
start_va = 0x5e0000
end_va = 0x5f8fff
monitored = 1
entry_point = 0x5e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 2504
start_va = 0x5e0000
end_va = 0x5f8fff
monitored = 1
entry_point = 0x5e58de
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 2505
start_va = 0x5e0000
end_va = 0x5effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2539
start_va = 0x5f0000
end_va = 0x5f3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 2547
start_va = 0x6ea90000
end_va = 0x6ebbffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll")
Region:
id = 2630
start_va = 0x4da0000
end_va = 0x4ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 2631
start_va = 0x54f0000
end_va = 0x55effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054f0000"
filename = ""
Region:
id = 2632
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 2633
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 2634
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 2635
start_va = 0x49d0000
end_va = 0x4a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049d0000"
filename = ""
Region:
id = 2636
start_va = 0x57a0000
end_va = 0x589ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057a0000"
filename = ""
Region:
id = 2637
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 2638
start_va = 0x71380000
end_va = 0x713a0fff
monitored = 1
entry_point = 0x713898e0
region_type = mapped_file
name = "wminet_utils.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")
Region:
id = 2643
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2664
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 2668
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 2681
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 2682
start_va = 0x4920000
end_va = 0x495ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004920000"
filename = ""
Region:
id = 2683
start_va = 0x5660000
end_va = 0x575ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005660000"
filename = ""
Region:
id = 2684
start_va = 0x2030000
end_va = 0x206ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 2685
start_va = 0x57f0000
end_va = 0x58effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057f0000"
filename = ""
Region:
id = 2686
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 2699
start_va = 0x820000
end_va = 0x824fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Thread:
id = 22
os_tid = 0xa20
[0156.282] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0157.455] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4
[0157.456] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e8
[0157.609] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2adf34 | out: phkResult=0x2adf34*=0x1f8) returned 0x0
[0157.611] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2adf54, lpData=0x0, lpcbData=0x2adf50*=0x0 | out: lpType=0x2adf54*=0x1, lpData=0x0, lpcbData=0x2adf50*=0xe) returned 0x0
[0157.612] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2adf54, lpData=0x20d4178, lpcbData=0x2adf50*=0xe | out: lpType=0x2adf54*=0x1, lpData="Client", lpcbData=0x2adf50*=0xe) returned 0x0
[0157.614] RegCloseKey (hKey=0x1f8) returned 0x0
[0158.008] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ad5e8 | out: phkResult=0x2ad5e8*=0x0) returned 0x2
[0158.008] RegCloseKey (hKey=0x80000002) returned 0x0
[0158.311] GetCurrentProcess () returned 0xffffffff
[0158.311] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2adc24 | out: TokenHandle=0x2adc24*=0x40) returned 1
[0158.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x2ad6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0158.325] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2adc1c | out: lpFileInformation=0x2adc1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0158.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ad6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0158.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2adc24 | out: lpFileInformation=0x2adc24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0158.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ad644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0158.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2adb5c) returned 1
[0158.331] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8
[0158.331] GetFileType (hFile=0x1f8) returned 0x1
[0158.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2adb58) returned 1
[0158.331] GetFileType (hFile=0x1f8) returned 0x1
[0158.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ace98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0158.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2acefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0158.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ad13c) returned 1
[0158.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2ad400 | out: lpFileInformation=0x2ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0158.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ad138) returned 1
[0158.456] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x2ad2cc | out: pfEnabled=0x2ad2cc) returned 0x0
[0158.513] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x2adc18 | out: lpFileSizeHigh=0x2adc18*=0x0) returned 0x8c8e
[0158.515] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2adbd4, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2adbd4*=0x1000, lpOverlapped=0x0) returned 1
[0158.541] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ada84, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ada84*=0x1000, lpOverlapped=0x0) returned 1
[0158.543] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad938, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad938*=0x1000, lpOverlapped=0x0) returned 1
[0158.544] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad938, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad938*=0x1000, lpOverlapped=0x0) returned 1
[0158.545] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad938, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad938*=0x1000, lpOverlapped=0x0) returned 1
[0158.545] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad870, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad870*=0x1000, lpOverlapped=0x0) returned 1
[0158.554] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad9dc, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad9dc*=0x1000, lpOverlapped=0x0) returned 1
[0158.556] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad8d0, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad8d0*=0x1000, lpOverlapped=0x0) returned 1
[0158.556] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad8d0, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad8d0*=0xc8e, lpOverlapped=0x0) returned 1
[0158.556] ReadFile (in: hFile=0x1f8, lpBuffer=0x20ffbbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ad994, lpOverlapped=0x0 | out: lpBuffer=0x20ffbbc*, lpNumberOfBytesRead=0x2ad994*=0x0, lpOverlapped=0x0) returned 1
[0158.557] CloseHandle (hObject=0x1f8) returned 1
[0158.557] CloseHandle (hObject=0x40) returned 1
[0158.558] GetCurrentProcess () returned 0xffffffff
[0158.558] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2add70 | out: TokenHandle=0x2add70*=0x40) returned 1
[0158.559] CloseHandle (hObject=0x40) returned 1
[0158.559] GetCurrentProcess () returned 0xffffffff
[0158.559] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2add70 | out: TokenHandle=0x2add70*=0x40) returned 1
[0158.560] CloseHandle (hObject=0x40) returned 1
[0158.569] GetCurrentProcess () returned 0xffffffff
[0158.569] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2adc24 | out: TokenHandle=0x2adc24*=0x40) returned 1
[0158.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2adc1c | out: lpFileInformation=0x2adc1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0158.570] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config", nBufferLength=0x105, lpBuffer=0x2ad6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config", lpFilePart=0x0) returned 0x66
[0158.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2adc24 | out: lpFileInformation=0x2adc24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0158.571] CloseHandle (hObject=0x40) returned 1
[0158.571] GetCurrentProcess () returned 0xffffffff
[0158.571] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2add70 | out: TokenHandle=0x2add70*=0x40) returned 1
[0158.572] CloseHandle (hObject=0x40) returned 1
[0158.573] GetCurrentProcess () returned 0xffffffff
[0158.573] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2add70 | out: TokenHandle=0x2add70*=0x40) returned 1
[0158.574] CloseHandle (hObject=0x40) returned 1
[0158.599] GetCurrentProcess () returned 0xffffffff
[0158.599] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2adb88 | out: TokenHandle=0x2adb88*=0x40) returned 1
[0158.633] CloseHandle (hObject=0x40) returned 1
[0158.633] GetCurrentProcess () returned 0xffffffff
[0158.634] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2adba0 | out: TokenHandle=0x2adba0*=0x40) returned 1
[0158.635] CloseHandle (hObject=0x40) returned 1
[0158.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed00 | out: phkResult=0x2aed00*=0x40) returned 0x0
[0158.658] RegQueryValueExW (in: hKey=0x40, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x2aed1c, lpData=0x0, lpcbData=0x2aed18*=0x0 | out: lpType=0x2aed1c*=0x0, lpData=0x0, lpcbData=0x2aed18*=0x0) returned 0x2
[0158.659] RegCloseKey (hKey=0x40) returned 0x0
[0158.664] GetCurrentProcessId () returned 0x8b8
[0158.669] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2ae59c | out: lpLuid=0x2ae59c*(LowPart=0x14, HighPart=0)) returned 1
[0158.673] GetCurrentProcess () returned 0xffffffff
[0158.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2ae598 | out: TokenHandle=0x2ae598*=0x238) returned 1
[0158.674] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x211c95c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0158.674] CloseHandle (hObject=0x238) returned 1
[0158.676] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.685] EnumProcessModules (in: hProcess=0x238, lphModule=0x211c9a0, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x211c9a0, lpcbNeeded=0x2aed0c) returned 1
[0158.687] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x211cae0, cb=0xc | out: lpmodinfo=0x211cae0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.689] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.689] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.690] CoTaskMemFree (pv=0x8bc520)
[0158.690] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.690] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.691] CoTaskMemFree (pv=0x8bc520)
[0158.691] CloseHandle (hObject=0x238) returned 1
[0158.692] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.694] RegQueryValueExW (in: hKey=0x238, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.694] RegCloseKey (hKey=0x238) returned 0x0
[0158.694] GetCurrentProcessId () returned 0x8b8
[0158.695] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.695] EnumProcessModules (in: hProcess=0x238, lphModule=0x211f718, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x211f718, lpcbNeeded=0x2aed0c) returned 1
[0158.696] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x211f858, cb=0xc | out: lpmodinfo=0x211f858*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.697] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.697] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.697] CoTaskMemFree (pv=0x8bc520)
[0158.697] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.697] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.697] CoTaskMemFree (pv=0x8bc520)
[0158.697] CloseHandle (hObject=0x238) returned 1
[0158.697] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.698] RegQueryValueExW (in: hKey=0x238, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.698] RegCloseKey (hKey=0x238) returned 0x0
[0158.700] GetCurrentProcessId () returned 0x8b8
[0158.700] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.700] EnumProcessModules (in: hProcess=0x238, lphModule=0x21222fc, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x21222fc, lpcbNeeded=0x2aed0c) returned 1
[0158.701] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x212243c, cb=0xc | out: lpmodinfo=0x212243c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.701] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.701] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.701] CoTaskMemFree (pv=0x8bc520)
[0158.701] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.701] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.702] CoTaskMemFree (pv=0x8bc520)
[0158.702] CloseHandle (hObject=0x238) returned 1
[0158.702] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.703] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.703] RegCloseKey (hKey=0x238) returned 0x0
[0158.704] GetCurrentProcessId () returned 0x8b8
[0158.704] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.704] EnumProcessModules (in: hProcess=0x238, lphModule=0x2124eb4, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x2124eb4, lpcbNeeded=0x2aed0c) returned 1
[0158.705] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x2124ff4, cb=0xc | out: lpmodinfo=0x2124ff4*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.705] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.705] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.706] CoTaskMemFree (pv=0x8bc520)
[0158.706] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.706] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.706] CoTaskMemFree (pv=0x8bc520)
[0158.706] CloseHandle (hObject=0x238) returned 1
[0158.706] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.709] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.710] RegCloseKey (hKey=0x238) returned 0x0
[0158.710] GetCurrentProcessId () returned 0x8b8
[0158.710] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.710] EnumProcessModules (in: hProcess=0x238, lphModule=0x21279ec, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x21279ec, lpcbNeeded=0x2aed0c) returned 1
[0158.712] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x2127b2c, cb=0xc | out: lpmodinfo=0x2127b2c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.712] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.712] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.712] CoTaskMemFree (pv=0x8bc520)
[0158.712] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.712] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.713] CoTaskMemFree (pv=0x8bc520)
[0158.713] CloseHandle (hObject=0x238) returned 1
[0158.713] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.714] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.714] RegCloseKey (hKey=0x238) returned 0x0
[0158.715] GetCurrentProcessId () returned 0x8b8
[0158.715] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.715] EnumProcessModules (in: hProcess=0x238, lphModule=0x212a514, cb=0x100, lpcbNeeded=0x2aed0c | out: lphModule=0x212a514, lpcbNeeded=0x2aed0c) returned 1
[0158.717] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x212a654, cb=0xc | out: lpmodinfo=0x212a654*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.717] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.717] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.717] CoTaskMemFree (pv=0x8bc520)
[0158.717] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.717] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.718] CoTaskMemFree (pv=0x8bc520)
[0158.718] CloseHandle (hObject=0x238) returned 1
[0158.718] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae834, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x0) returned 0x2
[0158.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.719] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.719] RegCloseKey (hKey=0x238) returned 0x0
[0158.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.731] RegQueryValueExW (in: hKey=0x238, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.731] RegCloseKey (hKey=0x238) returned 0x0
[0158.731] GetCurrentProcessId () returned 0x8b8
[0158.732] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.732] EnumProcessModules (in: hProcess=0x238, lphModule=0x212df48, cb=0x100, lpcbNeeded=0x2aed08 | out: lphModule=0x212df48, lpcbNeeded=0x2aed08) returned 1
[0158.733] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x212e088, cb=0xc | out: lpmodinfo=0x212e088*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.733] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.733] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.733] CoTaskMemFree (pv=0x8bc520)
[0158.733] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.734] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.734] CoTaskMemFree (pv=0x8bc520)
[0158.734] CloseHandle (hObject=0x238) returned 1
[0158.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed00 | out: phkResult=0x2aed00*=0x0) returned 0x2
[0158.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed00 | out: phkResult=0x2aed00*=0x238) returned 0x0
[0158.735] RegQueryValueExW (in: hKey=0x238, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x2aed1c, lpData=0x0, lpcbData=0x2aed18*=0x0 | out: lpType=0x2aed1c*=0x0, lpData=0x0, lpcbData=0x2aed18*=0x0) returned 0x2
[0158.735] RegCloseKey (hKey=0x238) returned 0x0
[0158.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed04 | out: phkResult=0x2aed04*=0x238) returned 0x0
[0158.736] RegQueryValueExW (in: hKey=0x238, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x2aed20, lpData=0x0, lpcbData=0x2aed1c*=0x0 | out: lpType=0x2aed20*=0x0, lpData=0x0, lpcbData=0x2aed1c*=0x0) returned 0x2
[0158.736] RegCloseKey (hKey=0x238) returned 0x0
[0158.737] GetCurrentProcessId () returned 0x8b8
[0158.737] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x238
[0158.737] EnumProcessModules (in: hProcess=0x238, lphModule=0x2130e48, cb=0x100, lpcbNeeded=0x2aed08 | out: lphModule=0x2130e48, lpcbNeeded=0x2aed08) returned 1
[0158.738] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x2130f88, cb=0xc | out: lpmodinfo=0x2130f88*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435cce)) returned 1
[0158.738] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.738] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x8bc520, nSize=0x800 | out: lpBaseName="89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe") returned 0x44
[0158.738] CoTaskMemFree (pv=0x8bc520)
[0158.740] CoTaskMemAlloc (cb=0x804) returned 0x8bc520
[0158.740] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x8bc520, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe")) returned 0x5f
[0158.740] CoTaskMemFree (pv=0x8bc520)
[0158.740] CloseHandle (hObject=0x238) returned 1
[0158.741] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", nBufferLength=0x105, lpBuffer=0x2ae830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe", lpFilePart=0x0) returned 0x5f
[0158.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed00 | out: phkResult=0x2aed00*=0x0) returned 0x2
[0158.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aed00 | out: phkResult=0x2aed00*=0x238) returned 0x0
[0158.742] RegQueryValueExW (in: hKey=0x238, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x2aed1c, lpData=0x0, lpcbData=0x2aed18*=0x0 | out: lpType=0x2aed1c*=0x0, lpData=0x0, lpcbData=0x2aed18*=0x0) returned 0x2
[0158.742] RegCloseKey (hKey=0x238) returned 0x0
[0158.909] GetCurrentProcessId () returned 0x8b8
[0158.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x30d9540, Length=0x20000, ResultLength=0x2aed80 | out: SystemInformation=0x30d9540, ResultLength=0x2aed80*=0xc758) returned 0x0
[0158.948] GetCurrentProcessId () returned 0x8b8
[0158.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x30d9540, Length=0x20000, ResultLength=0x2aed70 | out: SystemInformation=0x30d9540, ResultLength=0x2aed70*=0xc758) returned 0x0
[0159.201] CreateBindCtx (in: reserved=0x0, ppbc=0x2aed50 | out: ppbc=0x2aed50*=0x887228) returned 0x0
[0159.202] IUnknown:QueryInterface (in: This=0x887228, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae80c | out: ppvObject=0x2ae80c*=0x887228) returned 0x0
[0159.203] IUnknown:QueryInterface (in: This=0x887228, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ae7c0 | out: ppvObject=0x2ae7c0*=0x0) returned 0x80004002
[0159.203] IUnknown:QueryInterface (in: This=0x887228, riid=0x71db1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ae5e8 | out: ppvObject=0x2ae5e8*=0x0) returned 0x80004002
[0159.203] IUnknown:AddRef (This=0x887228) returned 0x3
[0159.203] IUnknown:QueryInterface (in: This=0x887228, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ae11c | out: ppvObject=0x2ae11c*=0x0) returned 0x80004002
[0159.203] IUnknown:QueryInterface (in: This=0x887228, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ae0cc | out: ppvObject=0x2ae0cc*=0x0) returned 0x80004002
[0159.204] IUnknown:QueryInterface (in: This=0x887228, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae0d8 | out: ppvObject=0x2ae0d8*=0x0) returned 0x80004002
[0159.204] CoGetContextToken (in: pToken=0x2ae138 | out: pToken=0x2ae138) returned 0x0
[0159.204] CObjectContext::QueryInterface () returned 0x0
[0159.206] CObjectContext::GetCurrentApartmentType () returned 0x0
[0159.206] Release () returned 0x0
[0159.207] CoGetObjectContext (in: riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8b3d5c | out: ppv=0x8b3d5c*=0x890d28) returned 0x0
[0159.260] CoGetContextToken (in: pToken=0x2ae54c | out: pToken=0x2ae54c) returned 0x0
[0159.260] IUnknown:QueryInterface (in: This=0x887228, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae5cc | out: ppvObject=0x2ae5cc*=0x0) returned 0x80004002
[0159.260] IUnknown:Release (This=0x887228) returned 0x2
[0159.261] CoGetContextToken (in: pToken=0x2aeb1c | out: pToken=0x2aeb1c) returned 0x0
[0159.261] CoGetContextToken (in: pToken=0x2aea7c | out: pToken=0x2aea7c) returned 0x0
[0159.261] IUnknown:QueryInterface (in: This=0x887228, riid=0x2aeb4c*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb48 | out: ppvObject=0x2aeb48*=0x887228) returned 0x0
[0159.261] IUnknown:AddRef (This=0x887228) returned 0x4
[0159.261] IUnknown:Release (This=0x887228) returned 0x3
[0159.262] IUnknown:Release (This=0x887228) returned 0x2
[0159.262] CoGetContextToken (in: pToken=0x2aeba4 | out: pToken=0x2aeba4) returned 0x0
[0159.262] IUnknown:AddRef (This=0x887228) returned 0x3
[0159.263] MkParseDisplayName (in: pbc=0x887228, szUserName="WinMgmts:", pchEaten=0x2aed84, ppmk=0x2aed3c | out: pchEaten=0x2aed84, ppmk=0x2aed3c*=0x8d1710) returned 0x0
[0160.374] malloc (_Size=0x80) returned 0xb02de8
[0160.379] DllGetClassObject (in: rclsid=0x8d7b7c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x2ae970*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ae028 | out: ppv=0x2ae028*=0x0) returned 0x80004002
[0160.379] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0160.379] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0160.379] DllGetClassObject (in: rclsid=0x8d7b7c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x753bee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2aeb30 | out: ppv=0x2aeb30*=0x52c0810) returned 0x0
[0160.379] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0160.379] WinMGMTS:IClassFactory:CreateInstance (in: This=0x52c0810, pUnkOuter=0x0, riid=0x753bf084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeadc | out: ppvObject=0x2aeadc*=0x52c0850) returned 0x0
[0160.379] GetVersionExW (in: lpVersionInformation=0x2ae928*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x2ae98c, szCSDVersion="堡畣\x08쀕") | out: lpVersionInformation=0x2ae928*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0160.380] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x2ae91c | out: phkResult=0x2ae91c*=0x278) returned 0x0
[0160.380] RegQueryValueExW (in: hKey=0x278, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x2ae924, lpcbData=0x2ae920*=0x4 | out: lpType=0x0, lpData=0x2ae924*=0x3, lpcbData=0x2ae920*=0x4) returned 0x0
[0160.380] RegCloseKey (hKey=0x278) returned 0x0
[0160.380] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0828
[0160.380] GetSystemDirectoryW (in: lpBuffer=0x52c0828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0160.380] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x767e0000
[0160.383] GetProcAddress (hModule=0x767e0000, lpProcName="DuplicateTokenEx") returned 0x767eca24
[0160.383] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0160.383] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0828
[0160.383] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0850
[0160.383] WinMGMTS:IUnknown:Release (This=0x52c0810) returned 0x0
[0160.383] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0160.383] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x52c0850, pbc=0x887228, pszDisplayName="WinMgmts:", pchEaten=0x2aecf4, ppmkOut=0x2aecf8 | out: pchEaten=0x2aecf4*=0x9, ppmkOut=0x2aecf8*=0x8d1710) returned 0x0
[0160.383] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0
[0160.385] IBindCtx:GetObjectParam (in: This=0x887228, pszKey="WmiObject", ppunk=0x2aebfc | out: ppunk=0x2aebfc*=0x0) returned 0x80004005
[0160.385] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0860
[0160.385] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123
[0160.385] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0880
[0160.385] CoCreateInstance (in: rclsid=0x716242b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x716242a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x52c0898 | out: ppv=0x52c0898*=0x8be550) returned 0x0
[0161.442] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c08e8
[0161.442] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0950
[0161.442] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c09b0
[0161.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0161.442] GetCurrentThreadId () returned 0xa20
[0161.442] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91
[0161.442] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0161.443] GetCurrentThreadId () returned 0xa20
[0161.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x2aeae4 | out: phkResult=0x2aeae4*=0x28c) returned 0x0
[0161.444] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x2aeaec*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x2aeaec*=0x16) returned 0x0
[0161.445] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c09d0
[0161.445] RegQueryValueExW (in: hKey=0x28c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x52c09d0, lpcbData=0x2aeaec*=0x16 | out: lpType=0x0, lpData=0x52c09d0*=0x72, lpcbData=0x2aeaec*=0x16) returned 0x0
[0161.445] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c09f0
[0161.445] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0161.445] RegCloseKey (hKey=0x28c) returned 0x0
[0161.445] CoCreateInstance (in: rclsid=0x716253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x716250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2aeb18 | out: ppv=0x2aeb18*=0x8b5138) returned 0x0
[0161.681] SysStringLen (param_1=".") returned 0x1
[0161.681] WbemDefPath:IWbemPath:SetServer (This=0x8b5138, Name=".") returned 0x0
[0161.681] CoCreateInstance (in: rclsid=0x716253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x716250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2aead0 | out: ppv=0x2aead0*=0x8b51a8) returned 0x0
[0161.681] CoCreateInstance (in: rclsid=0x716253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x716250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x2aea74 | out: ppv=0x2aea74*=0x8b5218) returned 0x0
[0161.681] WbemDefPath:IWbemPath:SetText (This=0x8b5218, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0161.682] WbemDefPath:IUnknown:Release (This=0x8b5218) returned 0x0
[0161.682] SysStringLen (param_1="root\\cimv2") returned 0xa
[0161.682] WbemDefPath:IWbemPath:SetText (This=0x8b51a8, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0161.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b51a8, puCount=0x2aeae0 | out: puCount=0x2aeae0*=0x2) returned 0x0
[0161.682] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x8b5138) returned 0x0
[0161.682] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x8b51a8, uIndex=0x0, puNameBufLength=0x2aeaa8*=0x0, pName=0x0 | out: puNameBufLength=0x2aeaa8*=0x5, pName=0x0) returned 0x0
[0161.682] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0161.682] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x8b51a8, uIndex=0x0, puNameBufLength=0x2aeaa8*=0x5, pName="ԬÄԬ\x03" | out: puNameBufLength=0x2aeaa8*=0x5, pName="root") returned 0x0
[0161.683] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0161.683] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x8b5138, uIndex=0x0, pszName="root") returned 0x0
[0161.683] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x8b51a8, uIndex=0x1, puNameBufLength=0x2aeaa8*=0x0, pName=0x0 | out: puNameBufLength=0x2aeaa8*=0x6, pName=0x0) returned 0x0
[0161.683] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0161.683] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x8b51a8, uIndex=0x1, puNameBufLength=0x2aeaa8*=0x6, pName="ԬÄԬ" | out: puNameBufLength=0x2aeaa8*=0x6, pName="cimv2") returned 0x0
[0161.683] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0161.683] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x8b5138, uIndex=0x1, pszName="cimv2") returned 0x0
[0161.683] WbemDefPath:IUnknown:Release (This=0x8b51a8) returned 0x0
[0161.683] WbemDefPath:IWbemPath:GetText (in: This=0x8b5138, lFlags=4, puBuffLength=0x2aeafc*=0x0, pszText=0x0 | out: puBuffLength=0x2aeafc*=0xf, pszText=0x0) returned 0x0
[0161.683] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0a10
[0161.683] WbemDefPath:IWbemPath:GetText (in: This=0x8b5138, lFlags=4, puBuffLength=0x2aeafc*=0xf, pszText="ÄԬԬ" | out: puBuffLength=0x2aeafc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0161.683] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0161.683] WbemDefPath:IUnknown:Release (This=0x8b5138) returned 0x0
[0161.683] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8be550, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x2aeb84 | out: ppNamespace=0x2aeb84*=0x8862c0) returned 0x0
[0165.897] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0a10
[0165.898] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0a80
[0165.898] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0ae0
[0165.898] WbemLocator:IUnknown:QueryInterface (in: This=0x8862c0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aea54 | out: ppvObject=0x2aea54*=0x8db704) returned 0x0
[0165.898] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8db704, pProxy=0x8862c0, pAuthnSvc=0x2aea44, pAuthzSvc=0x2aea48, pServerPrincName=0x0, pAuthnLevel=0x2aea70, pImpLevel=0x2aea6c, pAuthInfo=0x0, pCapabilites=0x2aea5c | out: pAuthnSvc=0x2aea44*=0xa, pAuthzSvc=0x2aea48*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2aea70*=0x6, pImpLevel=0x2aea6c*=0x2, pAuthInfo=0x0, pCapabilites=0x2aea5c*=0x1) returned 0x0
[0165.898] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x1
[0165.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0165.898] GetCurrentThreadId () returned 0xa20
[0165.898] WbemLocator:IUnknown:QueryInterface (in: This=0x8862c0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aea84 | out: ppvObject=0x2aea84*=0x8db704) returned 0x0
[0165.899] WbemLocator:IClientSecurity:CopyProxy (in: This=0x8db704, pProxy=0x8862c0, ppCopy=0x2aea88 | out: ppCopy=0x2aea88*=0x8dd5e8) returned 0x0
[0165.900] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae9a0 | out: ppvObject=0x2ae9a0*=0x8db704) returned 0x0
[0165.900] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8db704, pProxy=0x8dd5e8, pAuthnSvc=0x2ae9c4, pAuthzSvc=0x2ae9b4, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2ae9c4*=0xa, pAuthzSvc=0x2ae9b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0165.900] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x3
[0165.900] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae978 | out: ppvObject=0x2ae978*=0x8db724) returned 0x0
[0165.900] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae97c | out: ppvObject=0x2ae97c*=0x8db704) returned 0x0
[0165.900] WbemLocator:IClientSecurity:SetBlanket (This=0x8db704, pProxy=0x8dd5e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0165.900] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x4
[0165.900] WbemLocator:IUnknown:Release (This=0x8db724) returned 0x3
[0165.900] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x2
[0165.901] WbemLocator:IUnknown:AddRef (This=0x8dd5e8) returned 0x3
[0165.901] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0b98
[0165.901] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c09d0
[0165.901] WbemLocator:IUnknown:Release (This=0x8862c0) returned 0x2
[0165.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0165.901] GetCurrentThreadId () returned 0xa20
[0165.901] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0165.901] GetCurrentThreadId () returned 0xa20
[0165.901] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb48 | out: ppvObject=0x2aeb48*=0x8db704) returned 0x0
[0165.901] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8db704, pProxy=0x8dd5e8, pAuthnSvc=0x2aeb38, pAuthzSvc=0x2aeb3c, pServerPrincName=0x0, pAuthnLevel=0x2aeb68, pImpLevel=0x2aeb6c, pAuthInfo=0x0, pCapabilites=0x2aeb50 | out: pAuthnSvc=0x2aeb38*=0xa, pAuthzSvc=0x2aeb3c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2aeb68*=0x6, pImpLevel=0x2aeb6c*=0x3, pAuthInfo=0x0, pCapabilites=0x2aeb50*=0x20) returned 0x0
[0165.902] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x2
[0165.902] CreatePointerMoniker (in: punk=0x52c0a10, ppmk=0x2aecf8 | out: ppmk=0x2aecf8*=0x8d1710) returned 0x0
[0165.902] IUnknown:AddRef (This=0x52c0a10) returned 0x2
[0165.902] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.902] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.902] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.902] WbemLocator:IUnknown:Release (This=0x8be550) returned 0x0
[0165.902] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.903] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.903] WinMGMTS:IUnknown:Release (This=0x52c0850) returned 0x0
[0165.903] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0165.907] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae800 | out: ppvObject=0x2ae800*=0x8d1710) returned 0x0
[0165.908] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x2ae7b4 | out: ppvObject=0x2ae7b4*=0x0) returned 0x80004002
[0165.908] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71db1e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x2ae5dc | out: ppvObject=0x2ae5dc*=0x0) returned 0x80004002
[0165.909] IUnknown:AddRef (This=0x8d1710) returned 0x3
[0165.909] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x2ae110 | out: ppvObject=0x2ae110*=0x0) returned 0x80004002
[0165.909] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x2ae0c0 | out: ppvObject=0x2ae0c0*=0x0) returned 0x80004002
[0165.909] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae0cc | out: ppvObject=0x2ae0cc*=0x8d1724) returned 0x0
[0165.909] IMarshal:GetUnmarshalClass (in: This=0x8d1724, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x2ae0d4 | out: pCid=0x2ae0d4*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0165.909] IUnknown:Release (This=0x8d1724) returned 0x3
[0165.909] CoGetContextToken (in: pToken=0x2ae12c | out: pToken=0x2ae12c) returned 0x0
[0165.909] CoGetContextToken (in: pToken=0x2ae53c | out: pToken=0x2ae53c) returned 0x0
[0165.909] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae5c0 | out: ppvObject=0x2ae5c0*=0x0) returned 0x80004002
[0165.910] IUnknown:Release (This=0x8d1710) returned 0x2
[0165.910] CoGetContextToken (in: pToken=0x2aeb0c | out: pToken=0x2aeb0c) returned 0x0
[0165.910] CoGetContextToken (in: pToken=0x2aea6c | out: pToken=0x2aea6c) returned 0x0
[0165.910] IUnknown:QueryInterface (in: This=0x8d1710, riid=0x2aeb3c*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb38 | out: ppvObject=0x2aeb38*=0x8d1710) returned 0x0
[0165.910] IUnknown:AddRef (This=0x8d1710) returned 0x4
[0165.910] IUnknown:Release (This=0x8d1710) returned 0x3
[0165.911] IUnknown:Release (This=0x887228) returned 0x2
[0165.911] IUnknown:Release (This=0x8d1710) returned 0x2
[0165.916] CoGetContextToken (in: pToken=0x2aeba4 | out: pToken=0x2aeba4) returned 0x0
[0165.916] IUnknown:AddRef (This=0x8d1710) returned 0x3
[0165.917] BindMoniker (in: pmk=0x8d1710, grfOpt=0x0, iidResult=0x2159f10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x2aed40 | out: ppvResult=0x2aed40*=0x52c0a10) returned 0x0
[0165.917] IUnknown:QueryInterface (in: This=0x52c0a10, riid=0x2159f10*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aed40 | out: ppvObject=0x2aed40*=0x52c0a10) returned 0x0
[0165.921] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ae5ac*=0x0 | out: pptlib=0x2ae5ac*=0x8e1548) returned 0x0
[0166.343] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x52c0a54*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x52c0a3c | out: ppTInfo=0x52c0a3c*=0x8e2f9c) returned 0x0
[0166.343] IUnknown:Release (This=0x8e1548) returned 0x1
[0166.343] IUnknown:AddRef (This=0x8e2f9c) returned 0x2
[0166.343] ITypeInfo:RemoteGetTypeAttr (in: This=0x8e2f9c, ppTypeAttr=0x2ae5dc, pDummy=0xdc6fd665 | out: ppTypeAttr=0x2ae5dc, pDummy=0xdc6fd665) returned 0x0
[0166.484] ITypeInfo:LocalReleaseTypeAttr (This=0x8e2f9c) returned 0x8a37d8
[0166.484] IUnknown:Release (This=0x8e2f9c) returned 0x1
[0166.484] CoGetContextToken (in: pToken=0x2ae130 | out: pToken=0x2ae130) returned 0x0
[0166.485] CoGetContextToken (in: pToken=0x2ae544 | out: pToken=0x2ae544) returned 0x0
[0166.485] IUnknown:Release (This=0x8d1710) returned 0x2
[0166.521] CoGetContextToken (in: pToken=0x2ae814 | out: pToken=0x2ae814) returned 0x0
[0166.521] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x2ae824*=0x0 | out: pptlib=0x2ae824*=0x8e1548) returned 0x0
[0166.523] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x52c0a44*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x52c0a38 | out: ppTInfo=0x52c0a38*=0x8e2fc8) returned 0x0
[0166.523] IUnknown:Release (This=0x8e1548) returned 0x2
[0166.523] IUnknown:AddRef (This=0x8e2fc8) returned 0x2
[0166.523] DispGetIDsOfNames (in: ptinfo=0x8e2fc8, rgszNames=0x2ae880*="InstancesOf", cNames=0x1, rgdispid=0x2ae870 | out: rgdispid=0x2ae870*=5) returned 0x0
[0166.549] IUnknown:Release (This=0x8e2fc8) returned 0x1
[0166.565] IUnknown:AddRef (This=0x8e2fc8) returned 0x2
[0166.565] ITypeInfo:LocalInvoke (This=0x8e2fc8) returned 0x0
[0166.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0166.565] GetCurrentThreadId () returned 0xa20
[0166.565] WbemLocator:IUnknown:AddRef (This=0x8dd5e8) returned 0x3
[0166.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0166.565] GetCurrentThreadId () returned 0xa20
[0166.566] IWbemServices:CreateInstanceEnum (in: This=0x8dd5e8, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x2ae4c4 | out: ppEnum=0x2ae4c4*=0x88df18) returned 0x0
[0166.593] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0850
[0166.594] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c08b0
[0166.594] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0910
[0166.594] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0970
[0166.594] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0bf8
[0166.594] IUnknown:QueryInterface (in: This=0x88df18, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae3dc | out: ppvObject=0x2ae3dc*=0x88df1c) returned 0x0
[0166.594] IClientSecurity:QueryBlanket (in: This=0x88df1c, pProxy=0x88df18, pAuthnSvc=0x2ae3cc, pAuthzSvc=0x2ae3d0, pServerPrincName=0x0, pAuthnLevel=0x2ae3f8, pImpLevel=0x2ae3f4, pAuthInfo=0x0, pCapabilites=0x2ae3e4 | out: pAuthnSvc=0x2ae3cc*=0xa, pAuthzSvc=0x2ae3d0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae3f8*=0x6, pImpLevel=0x2ae3f4*=0x2, pAuthInfo=0x0, pCapabilites=0x2ae3e4*=0x1) returned 0x0
[0166.594] IUnknown:Release (This=0x88df1c) returned 0x1
[0166.594] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0166.594] GetCurrentThreadId () returned 0xa20
[0166.594] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae3c0 | out: ppvObject=0x2ae3c0*=0x8db704) returned 0x0
[0166.595] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8db704, pProxy=0x8dd5e8, pAuthnSvc=0x2ae3b0, pAuthzSvc=0x2ae3b4, pServerPrincName=0x0, pAuthnLevel=0x2ae3e0, pImpLevel=0x2ae3e4, pAuthInfo=0x0, pCapabilites=0x2ae3c8 | out: pAuthnSvc=0x2ae3b0*=0xa, pAuthzSvc=0x2ae3b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae3e0*=0x6, pImpLevel=0x2ae3e4*=0x3, pAuthInfo=0x0, pCapabilites=0x2ae3c8*=0x20) returned 0x0
[0166.595] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x3
[0166.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0166.595] GetCurrentThreadId () returned 0xa20
[0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x8dd5e8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae3c0 | out: ppvObject=0x2ae3c0*=0x8db704) returned 0x0
[0166.595] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8db704, pProxy=0x8dd5e8, pAuthnSvc=0x2ae3b0, pAuthzSvc=0x2ae3b4, pServerPrincName=0x0, pAuthnLevel=0x2ae3e4, pImpLevel=0x2ae3e0, pAuthInfo=0x0, pCapabilites=0x2ae3c8 | out: pAuthnSvc=0x2ae3b0*=0xa, pAuthzSvc=0x2ae3b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae3e4*=0x6, pImpLevel=0x2ae3e0*=0x3, pAuthInfo=0x0, pCapabilites=0x2ae3c8*=0x20) returned 0x0
[0166.595] WbemLocator:IUnknown:Release (This=0x8db704) returned 0x3
[0166.595] IUnknown:QueryInterface (in: This=0x88df18, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae40c | out: ppvObject=0x2ae40c*=0x88df1c) returned 0x0
[0166.595] IClientSecurity:CopyProxy (in: This=0x88df1c, pProxy=0x88df18, ppCopy=0x2ae410 | out: ppCopy=0x2ae410*=0x88dfe0) returned 0x0
[0166.595] IUnknown:QueryInterface (in: This=0x88dfe0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae328 | out: ppvObject=0x2ae328*=0x88dfe4) returned 0x0
[0166.596] IClientSecurity:QueryBlanket (in: This=0x88dfe4, pProxy=0x88dfe0, pAuthnSvc=0x2ae34c, pAuthzSvc=0x2ae33c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2ae34c*=0xa, pAuthzSvc=0x2ae33c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0166.596] IUnknown:Release (This=0x88dfe4) returned 0x3
[0166.596] IUnknown:QueryInterface (in: This=0x88dfe0, riid=0x716234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae300 | out: ppvObject=0x2ae300*=0x8e3cac) returned 0x0
[0166.596] IUnknown:QueryInterface (in: This=0x88dfe0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae304 | out: ppvObject=0x2ae304*=0x88dfe4) returned 0x0
[0166.596] IClientSecurity:SetBlanket (This=0x88dfe4, pProxy=0x88dfe0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0166.601] IUnknown:Release (This=0x88dfe4) returned 0x4
[0166.601] WbemLocator:IUnknown:Release (This=0x8e3cac) returned 0x3
[0166.601] IUnknown:Release (This=0x88df1c) returned 0x2
[0166.601] IUnknown:AddRef (This=0x88dfe0) returned 0x3
[0166.601] IUnknown:Release (This=0x88df18) returned 0x2
[0166.601] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ae47c | out: pperrinfo=0x2ae47c*=0x0) returned 0x1
[0166.601] WbemLocator:IUnknown:Release (This=0x8dd5e8) returned 0x2
[0166.601] IUnknown:Release (This=0x8e2fc8) returned 0x1
[0166.603] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ae06c*=0x0 | out: pptlib=0x2ae06c*=0x8e1548) returned 0x0
[0166.605] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x52c0888*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x52c0870 | out: ppTInfo=0x52c0870*=0x8e30d0) returned 0x0
[0166.605] IUnknown:Release (This=0x8e1548) returned 0x3
[0166.605] IUnknown:AddRef (This=0x8e30d0) returned 0x2
[0166.605] ITypeInfo:RemoteGetTypeAttr (in: This=0x8e30d0, ppTypeAttr=0x2ae09c, pDummy=0xdc6fd0a5 | out: ppTypeAttr=0x2ae09c, pDummy=0xdc6fd0a5) returned 0x0
[0166.606] ITypeInfo:LocalReleaseTypeAttr (This=0x8e30d0) returned 0x8a37d8
[0166.606] IUnknown:Release (This=0x8e30d0) returned 0x1
[0166.607] CoGetContextToken (in: pToken=0x2adbf0 | out: pToken=0x2adbf0) returned 0x0
[0166.607] CoGetContextToken (in: pToken=0x2ae004 | out: pToken=0x2ae004) returned 0x0
[0166.607] CoGetContextToken (in: pToken=0x2aebec | out: pToken=0x2aebec) returned 0x0
[0166.607] CoGetContextToken (in: pToken=0x2aeb4c | out: pToken=0x2aeb4c) returned 0x0
[0166.610] CoGetContextToken (in: pToken=0x2aeb6c | out: pToken=0x2aeb6c) returned 0x0
[0166.610] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x2aeb7c*=0x0 | out: pptlib=0x2aeb7c*=0x8e1548) returned 0x0
[0166.611] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x52c0878*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x52c086c | out: ppTInfo=0x52c086c*=0x8e3078) returned 0x0
[0166.611] IUnknown:Release (This=0x8e1548) returned 0x4
[0166.611] IUnknown:AddRef (This=0x8e3078) returned 0x2
[0166.611] ITypeInfo:LocalInvoke (This=0x8e3078) returned 0x0
[0166.611] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0166.611] GetCurrentThreadId () returned 0xa20
[0166.612] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0166.612] IUnknown:Release (This=0x8e3078) returned 0x1
[0166.612] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0170.372] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x8ab9f0
[0170.470] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x8aba78
[0171.093] CoGetContextToken (in: pToken=0x2ae8b4 | out: pToken=0x2ae8b4) returned 0x0
[0171.189] CoGetContextToken (in: pToken=0x2ae3cc | out: pToken=0x2ae3cc) returned 0x0
[0171.189] IUnknown:AddRef (This=0x8e3078) returned 0x2
[0171.189] ITypeInfo:LocalInvoke (This=0x8e3078) returned 0x0
[0171.189] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0171.189] GetCurrentThreadId () returned 0xa20
[0171.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0171.191] GetCurrentThreadId () returned 0xa20
[0171.191] IUnknown:AddRef (This=0x88dfe0) returned 0x3
[0171.191] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0171.192] GetCurrentThreadId () returned 0xa20
[0171.192] IEnumWbemClassObject:Clone (in: This=0x88dfe0, ppEnum=0x2ae620 | out: ppEnum=0x2ae620*=0x88e0a8) returned 0x0
[0172.511] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0cb0
[0172.511] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0d10
[0172.511] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0d70
[0172.511] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0990
[0172.511] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0dd0
[0172.511] IUnknown:QueryInterface (in: This=0x88e0a8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae538 | out: ppvObject=0x2ae538*=0x88e0ac) returned 0x0
[0172.512] IClientSecurity:QueryBlanket (in: This=0x88e0ac, pProxy=0x88e0a8, pAuthnSvc=0x2ae528, pAuthzSvc=0x2ae52c, pServerPrincName=0x0, pAuthnLevel=0x2ae554, pImpLevel=0x2ae550, pAuthInfo=0x0, pCapabilites=0x2ae540 | out: pAuthnSvc=0x2ae528*=0xa, pAuthzSvc=0x2ae52c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae554*=0x6, pImpLevel=0x2ae550*=0x2, pAuthInfo=0x0, pCapabilites=0x2ae540*=0x1) returned 0x0
[0172.512] IUnknown:Release (This=0x88e0ac) returned 0x1
[0172.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.512] GetCurrentThreadId () returned 0xa20
[0172.512] IUnknown:QueryInterface (in: This=0x88dfe0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae51c | out: ppvObject=0x2ae51c*=0x88dfe4) returned 0x0
[0172.512] IClientSecurity:QueryBlanket (in: This=0x88dfe4, pProxy=0x88dfe0, pAuthnSvc=0x2ae50c, pAuthzSvc=0x2ae510, pServerPrincName=0x0, pAuthnLevel=0x2ae53c, pImpLevel=0x2ae540, pAuthInfo=0x0, pCapabilites=0x2ae524 | out: pAuthnSvc=0x2ae50c*=0xa, pAuthzSvc=0x2ae510*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae53c*=0x6, pImpLevel=0x2ae540*=0x3, pAuthInfo=0x0, pCapabilites=0x2ae524*=0x20) returned 0x0
[0172.512] IUnknown:Release (This=0x88dfe4) returned 0x3
[0172.512] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.512] GetCurrentThreadId () returned 0xa20
[0172.513] IUnknown:QueryInterface (in: This=0x88dfe0, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae51c | out: ppvObject=0x2ae51c*=0x88dfe4) returned 0x0
[0172.513] IClientSecurity:QueryBlanket (in: This=0x88dfe4, pProxy=0x88dfe0, pAuthnSvc=0x2ae50c, pAuthzSvc=0x2ae510, pServerPrincName=0x0, pAuthnLevel=0x2ae540, pImpLevel=0x2ae53c, pAuthInfo=0x0, pCapabilites=0x2ae524 | out: pAuthnSvc=0x2ae50c*=0xa, pAuthzSvc=0x2ae510*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2ae540*=0x6, pImpLevel=0x2ae53c*=0x3, pAuthInfo=0x0, pCapabilites=0x2ae524*=0x20) returned 0x0
[0172.513] IUnknown:Release (This=0x88dfe4) returned 0x3
[0172.513] IUnknown:QueryInterface (in: This=0x88e0a8, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae568 | out: ppvObject=0x2ae568*=0x88e0ac) returned 0x0
[0172.513] IClientSecurity:CopyProxy (in: This=0x88e0ac, pProxy=0x88e0a8, ppCopy=0x2ae56c | out: ppCopy=0x2ae56c*=0x88e170) returned 0x0
[0172.513] IUnknown:QueryInterface (in: This=0x88e170, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae484 | out: ppvObject=0x2ae484*=0x88e174) returned 0x0
[0172.513] IClientSecurity:QueryBlanket (in: This=0x88e174, pProxy=0x88e170, pAuthnSvc=0x2ae4a8, pAuthzSvc=0x2ae498, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x2ae4a8*=0xa, pAuthzSvc=0x2ae498*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0172.513] IUnknown:Release (This=0x88e174) returned 0x3
[0172.513] IUnknown:QueryInterface (in: This=0x88e170, riid=0x716234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae45c | out: ppvObject=0x2ae45c*=0x8973b4) returned 0x0
[0172.513] IUnknown:QueryInterface (in: This=0x88e170, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae460 | out: ppvObject=0x2ae460*=0x88e174) returned 0x0
[0172.513] IClientSecurity:SetBlanket (This=0x88e174, pProxy=0x88e170, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0172.660] IUnknown:Release (This=0x88e174) returned 0x4
[0172.660] WbemLocator:IUnknown:Release (This=0x8973b4) returned 0x3
[0172.660] IUnknown:Release (This=0x88e0ac) returned 0x2
[0172.660] IUnknown:AddRef (This=0x88e170) returned 0x3
[0172.660] IUnknown:Release (This=0x88e0a8) returned 0x2
[0172.660] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2ae5d8 | out: pperrinfo=0x2ae5d8*=0x0) returned 0x1
[0172.661] IUnknown:Release (This=0x88dfe0) returned 0x2
[0172.661] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.661] GetCurrentThreadId () returned 0xa20
[0172.661] IUnknown:AddRef (This=0x88e170) returned 0x3
[0172.661] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.661] GetCurrentThreadId () returned 0xa20
[0172.662] IEnumWbemClassObject:Reset (This=0x88e170) returned 0x0
[0172.693] IUnknown:Release (This=0x88e170) returned 0x2
[0172.693] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0810
[0172.694] IUnknown:Release (This=0x8e3078) returned 0x1
[0172.697] CoGetContextToken (in: pToken=0x2adb98 | out: pToken=0x2adb98) returned 0x0
[0172.697] CoGetContextToken (in: pToken=0x2adfac | out: pToken=0x2adfac) returned 0x0
[0172.718] CoGetContextToken (in: pToken=0x2ae98c | out: pToken=0x2ae98c) returned 0x0
[0172.718] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.718] GetCurrentThreadId () returned 0xa20
[0172.718] IUnknown:AddRef (This=0x88e170) returned 0x3
[0172.718] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0172.719] GetCurrentThreadId () returned 0xa20
[0172.719] IEnumWbemClassObject:Next (in: This=0x88e170, lTimeout=-1, uCount=0x1, apObjects=0x2aed0c, puReturned=0x2aed04 | out: apObjects=0x2aed0c*=0x8e6c50, puReturned=0x2aed04*=0x1) returned 0x0
[0172.961] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0e88
[0172.961] IUnknown:AddRef (This=0x8e6c50) returned 0x2
[0172.961] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0ed0
[0172.962] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0f40
[0172.962] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c0fa0
[0172.962] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c09b0
[0172.962] WbemLocator:IUnknown:AddRef (This=0x8dd5e8) returned 0x3
[0172.963] IUnknown:AddRef (This=0x88e170) returned 0x4
[0172.963] IUnknown:QueryInterface (in: This=0x88e170, riid=0x716231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aec6c | out: ppvObject=0x2aec6c*=0x88e174) returned 0x0
[0172.963] IClientSecurity:QueryBlanket (in: This=0x88e174, pProxy=0x88e170, pAuthnSvc=0x2aec5c, pAuthzSvc=0x2aec60, pServerPrincName=0x0, pAuthnLevel=0x2aec7c, pImpLevel=0x2aec88, pAuthInfo=0x0, pCapabilites=0x2aec74 | out: pAuthnSvc=0x2aec5c*=0xa, pAuthzSvc=0x2aec60*=0x0, pServerPrincName=0x0, pAuthnLevel=0x2aec7c*=0x6, pImpLevel=0x2aec88*=0x3, pAuthInfo=0x0, pCapabilites=0x2aec74*=0x20) returned 0x0
[0172.963] IUnknown:Release (This=0x88e174) returned 0x4
[0172.963] WbemLocator:IUnknown:Release (This=0x8dd5e8) returned 0x2
[0172.963] WbemLocator:IUnknown:AddRef (This=0x8dd5e8) returned 0x3
[0172.963] IUnknown:Release (This=0x88e170) returned 0x3
[0172.963] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0172.963] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c1000
[0172.963] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c1030
[0172.963] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c1050
[0172.963] IUnknown:AddRef (This=0x8e6c50) returned 0x3
[0172.964] IUnknown:Release (This=0x8e6c50) returned 0x2
[0172.964] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2aecc0 | out: pperrinfo=0x2aecc0*=0x0) returned 0x1
[0172.964] IUnknown:Release (This=0x88e170) returned 0x2
[0172.964] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2aed04 | out: pperrinfo=0x2aed04*=0x0) returned 0x1
[0172.966] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x2ae4cc*=0x0 | out: pptlib=0x2ae4cc*=0x8e1548) returned 0x0
[0172.968] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x716370c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x52c101c | out: ppTInfo=0x52c101c*=0x8e30fc) returned 0x0
[0172.968] IUnknown:Release (This=0x8e1548) returned 0x5
[0172.968] IUnknown:AddRef (This=0x8e30fc) returned 0x2
[0172.968] ITypeInfo:RemoteGetTypeAttr (in: This=0x8e30fc, ppTypeAttr=0x2ae50c, pDummy=0xdc6fd555 | out: ppTypeAttr=0x2ae50c, pDummy=0xdc6fd555) returned 0x0
[0172.969] ITypeInfo:LocalReleaseTypeAttr (This=0x8e30fc) returned 0x8a37d8
[0172.970] IUnknown:Release (This=0x8e30fc) returned 0x1
[0172.970] CoGetContextToken (in: pToken=0x2ae060 | out: pToken=0x2ae060) returned 0x0
[0172.970] CoGetContextToken (in: pToken=0x2ae474 | out: pToken=0x2ae474) returned 0x0
[0172.975] CoGetContextToken (in: pToken=0x2ae82c | out: pToken=0x2ae82c) returned 0x0
[0172.976] LoadRegTypeLib (in: rguid=0x7162364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x2ae828*=0x0 | out: pptlib=0x2ae828*=0x8e1548) returned 0x0
[0172.977] ITypeLib:GetTypeInfoOfGuid (in: This=0x8e1548, GUID=0x716255e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x52c1018 | out: ppTInfo=0x52c1018*=0x8e3128) returned 0x0
[0172.977] IUnknown:Release (This=0x8e1548) returned 0x6
[0172.977] IUnknown:AddRef (This=0x8e3128) returned 0x2
[0172.977] DispGetIDsOfNames (in: ptinfo=0x8e3128, rgszNames=0x2ae8a0*="SerialNumber", cNames=0x1, rgdispid=0x2ae890 | out: rgdispid=0x2ae890*=-1) returned 0x80020006
[0173.141] IUnknown:AddRef (This=0x8e6c50) returned 0x3
[0173.141] IWbemClassObject:Get (in: This=0x8e6c50, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x2ae7b0*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x2ae7b0*=0) returned 0x0
[0173.141] IUnknown:Release (This=0x8e6c50) returned 0x2
[0173.142] SysStringLen (param_1="SerialNumber") returned 0xc
[0173.142] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52c1078
[0173.142] SysStringLen (param_1="SerialNumber") returned 0xc
[0173.142] IUnknown:Release (This=0x8e3128) returned 0x1
[0173.142] IUnknown:AddRef (This=0x8e3128) returned 0x2
[0173.142] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0173.142] GetCurrentThreadId () returned 0xa20
[0173.142] SysStringLen (param_1="SerialNumber") returned 0xc
[0173.143] IWbemClassObject:Get (in: This=0x8e6c50, wszName="SerialNumber", lFlags=0, pVal=0x2ae630*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ae668, varVal2=0x71622d81), pType=0x2ae640*=1902259590, plFlavor=0x0 | out: pVal=0x2ae630*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..CN747510BO0504.", varVal2=0x71622d81), pType=0x2ae640*=8, plFlavor=0x0) returned 0x0
[0173.143] IUnknown:Release (This=0x8e3128) returned 0x1
[0173.144] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22
[0173.144] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22
[0173.146] CoGetContextToken (in: pToken=0x2ae98c | out: pToken=0x2ae98c) returned 0x0
[0173.146] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0173.146] GetCurrentThreadId () returned 0xa20
[0173.147] IUnknown:AddRef (This=0x88e170) returned 0x3
[0173.147] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0173.147] GetCurrentThreadId () returned 0xa20
[0173.147] IEnumWbemClassObject:Next (in: This=0x88e170, lTimeout=-1, uCount=0x1, apObjects=0x2aed0c, puReturned=0x2aed04 | out: apObjects=0x2aed0c*=0x0, puReturned=0x2aed04*=0x0) returned 0x1
[0173.228] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2aecc0 | out: pperrinfo=0x2aecc0*=0x0) returned 0x1
[0173.229] IUnknown:Release (This=0x88e170) returned 0x2
[0173.229] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x2aed04 | out: pperrinfo=0x2aed04*=0x0) returned 0x1
[0173.959] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8
[0173.961] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c4
[0173.998] SetEvent (hEvent=0x2c4) returned 1
[0174.035] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2aecf4*=0x2b8, lpdwindex=0x2aeb18 | out: lpdwindex=0x2aeb18) returned 0x0
[0174.061] CoGetContextToken (in: pToken=0x2aebcc | out: pToken=0x2aebcc) returned 0x0
[0174.061] CoGetContextToken (in: pToken=0x2aeb2c | out: pToken=0x2aeb2c) returned 0x0
[0174.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x2aebfc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2aebf8 | out: ppvObject=0x2aebf8*=0x8b52f8) returned 0x0
[0174.062] WbemDefPath:IUnknown:AddRef (This=0x8b52f8) returned 0x3
[0174.062] WbemDefPath:IUnknown:Release (This=0x8b52f8) returned 0x2
[0174.066] WbemDefPath:IWbemPath:SetText (This=0x8b52f8, uMode=0x4, pszPath="win32_processor") returned 0x0
[0174.070] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b52f8, puCount=0x2aed74 | out: puCount=0x2aed74*=0x0) returned 0x0
[0174.070] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed70*=0x0, pszText=0x0 | out: puBuffLength=0x2aed70*=0x10, pszText=0x0) returned 0x0
[0174.071] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed70*=0x10, pszText="000000000000000" | out: puBuffLength=0x2aed70*=0x10, pszText="win32_processor") returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetInfo (in: This=0x8b52f8, uRequestedInfo=0x0, puResponse=0x2aed7c | out: puResponse=0x2aed7c*=0xc15) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b52f8, puCount=0x2aed74 | out: puCount=0x2aed74*=0x0) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetInfo (in: This=0x8b52f8, uRequestedInfo=0x0, puResponse=0x2aed7c | out: puResponse=0x2aed7c*=0xc15) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b52f8, puCount=0x2aed64 | out: puCount=0x2aed64*=0x0) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed60*=0x0, pszText=0x0 | out: puBuffLength=0x2aed60*=0x10, pszText=0x0) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed60*=0x10, pszText="000000000000000" | out: puBuffLength=0x2aed60*=0x10, pszText="win32_processor") returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b52f8, puCount=0x2aed64 | out: puCount=0x2aed64*=0x0) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed60*=0x0, pszText=0x0 | out: puBuffLength=0x2aed60*=0x10, pszText=0x0) returned 0x0
[0174.072] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aed60*=0x10, pszText="000000000000000" | out: puBuffLength=0x2aed60*=0x10, pszText="win32_processor") returned 0x0
[0174.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b52f8, puCount=0x2aecf4 | out: puCount=0x2aecf4*=0x0) returned 0x0
[0174.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec
[0174.074] SetEvent (hEvent=0x2c4) returned 1
[0174.074] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2ae54c*=0x2ec, lpdwindex=0x2ae370 | out: lpdwindex=0x2ae370) returned 0x0
[0174.078] CoGetContextToken (in: pToken=0x2ae424 | out: pToken=0x2ae424) returned 0x0
[0174.078] CoGetContextToken (in: pToken=0x2ae384 | out: pToken=0x2ae384) returned 0x0
[0174.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x2ae454*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2ae450 | out: ppvObject=0x2ae450*=0x8b5368) returned 0x0
[0174.078] WbemDefPath:IUnknown:AddRef (This=0x8b5368) returned 0x3
[0174.078] WbemDefPath:IUnknown:Release (This=0x8b5368) returned 0x2
[0174.078] WbemDefPath:IWbemPath:SetText (This=0x8b5368, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
[0174.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b5368, puCount=0x2aece0 | out: puCount=0x2aece0*=0x2) returned 0x0
[0174.078] WbemDefPath:IWbemPath:GetText (in: This=0x8b5368, lFlags=4, puBuffLength=0x2aecdc*=0x0, pszText=0x0 | out: puBuffLength=0x2aecdc*=0xf, pszText=0x0) returned 0x0
[0174.078] WbemDefPath:IWbemPath:GetText (in: This=0x8b5368, lFlags=4, puBuffLength=0x2aecdc*=0xf, pszText="00000000000000" | out: puBuffLength=0x2aecdc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0174.078] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f0
[0174.078] SetEvent (hEvent=0x2c4) returned 1
[0174.078] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2aec3c*=0x2f0, lpdwindex=0x2aea60 | out: lpdwindex=0x2aea60) returned 0x0
[0174.082] CoGetContextToken (in: pToken=0x2aeb14 | out: pToken=0x2aeb14) returned 0x0
[0174.082] CoGetContextToken (in: pToken=0x2aea74 | out: pToken=0x2aea74) returned 0x0
[0174.082] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x2aeb44*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2aeb40 | out: ppvObject=0x2aeb40*=0x8b53d8) returned 0x0
[0174.082] WbemDefPath:IUnknown:AddRef (This=0x8b53d8) returned 0x3
[0174.082] WbemDefPath:IUnknown:Release (This=0x8b53d8) returned 0x2
[0174.082] WbemDefPath:IWbemPath:SetText (This=0x8b53d8, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0174.082] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b53d8, puCount=0x2aecb8 | out: puCount=0x2aecb8*=0x2) returned 0x0
[0174.082] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aecb4*=0x0, pszText=0x0 | out: puBuffLength=0x2aecb4*=0xf, pszText=0x0) returned 0x0
[0174.082] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x2aecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0174.097] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2aebd8*=0x304, lpdwindex=0x2aea90 | out: lpdwindex=0x2aea90) returned 0x0
[0176.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b53d8, puCount=0x2aecdc | out: puCount=0x2aecdc*=0x2) returned 0x0
[0176.537] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aecd8*=0x0, pszText=0x0 | out: puBuffLength=0x2aecd8*=0xf, pszText=0x0) returned 0x0
[0176.537] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aecd8*=0xf, pszText="00000000000000" | out: puBuffLength=0x2aecd8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0176.537] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aece0*=0x0, pszText=0x0 | out: puBuffLength=0x2aece0*=0x10, pszText=0x0) returned 0x0
[0176.537] WbemDefPath:IWbemPath:GetText (in: This=0x8b52f8, lFlags=2, puBuffLength=0x2aece0*=0x10, pszText="000000000000000" | out: puBuffLength=0x2aece0*=0x10, pszText="win32_processor") returned 0x0
[0176.544] CoGetContextToken (in: pToken=0x2aea84 | out: pToken=0x2aea84) returned 0x0
[0176.544] CoGetContextToken (in: pToken=0x2ae9e4 | out: pToken=0x2ae9e4) returned 0x0
[0176.544] CoGetContextToken (in: pToken=0x2ae9e4 | out: pToken=0x2ae9e4) returned 0x0
[0176.544] CoGetContextToken (in: pToken=0x2ae984 | out: pToken=0x2ae984) returned 0x0
[0176.544] IUnknown:QueryInterface (in: This=0x890e98, riid=0x71e68ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae95c | out: ppvObject=0x2ae95c*=0x890ea8) returned 0x0
[0176.544] CObjectContext::ContextCallback () returned 0x0
[0176.583] IUnknown:Release (This=0x890ea8) returned 0x1
[0176.584] CoUnmarshalInterface (in: pStm=0x8ba8a0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ae9d8 | out: ppv=0x2ae9d8*=0x8f1c64) returned 0x0
[0176.585] CoMarshalInterface (pStm=0x8ba8a0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x8f1c64, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0176.585] WbemLocator:IUnknown:QueryInterface (in: This=0x8f1c64, riid=0x2aeab4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2aeab0 | out: ppvObject=0x2aeab0*=0x8ddbd8) returned 0x0
[0176.664] WbemLocator:IUnknown:Release (This=0x8f1c64) returned 0x1
[0176.664] IWbemServices:GetObject (in: This=0x8ddbd8, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x2aec94*=0x0, ppCallResult=0x0 | out: ppObject=0x2aec94*=0x907ab0, ppCallResult=0x0) returned 0x0
[0176.717] WbemLocator:IUnknown:Release (This=0x8ddbd8) returned 0x0
[0176.718] IWbemClassObject:Get (in: This=0x907ab0, wszName="__PATH", lFlags=0, pVal=0x2aec7c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2aed24*=0, plFlavor=0x2aed20*=0 | out: pVal=0x2aec7c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x2aed24*=8, plFlavor=0x2aed20*=64) returned 0x0
[0176.727] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x4e
[0176.727] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x4e
[0176.729] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344
[0176.729] SetEvent (hEvent=0x2c4) returned 1
[0176.729] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x2aec38*=0x344, lpdwindex=0x2aea5c | out: lpdwindex=0x2aea5c) returned 0x0
[0176.734] CoGetContextToken (in: pToken=0x2aeb0c | out: pToken=0x2aeb0c) returned 0x0
[0176.734] CoGetContextToken (in: pToken=0x2aea6c | out: pToken=0x2aea6c) returned 0x0
[0176.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x2aeb3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x2aeb38 | out: ppvObject=0x2aeb38*=0x8b5448) returned 0x0
[0176.734] WbemDefPath:IUnknown:AddRef (This=0x8b5448) returned 0x3
[0176.734] WbemDefPath:IUnknown:Release (This=0x8b5448) returned 0x2
[0176.734] WbemDefPath:IWbemPath:SetText (This=0x8b5448, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_Processor") returned 0x0
[0176.734] IWbemClassObject:Get (in: This=0x907ab0, wszName="__CLASS", lFlags=0, pVal=0x2aecec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2aed6c*=0, plFlavor=0x2aed68*=0 | out: pVal=0x2aecec*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x2aed6c*=8, plFlavor=0x2aed68*=64) returned 0x0
[0176.735] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0176.735] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0176.735] CoGetContextToken (in: pToken=0x2aeb0c | out: pToken=0x2aeb0c) returned 0x0
[0176.735] CoGetContextToken (in: pToken=0x2aea6c | out: pToken=0x2aea6c) returned 0x0
[0176.735] CoGetContextToken (in: pToken=0x2aea6c | out: pToken=0x2aea6c) returned 0x0
[0176.735] CoUnmarshalInterface (in: pStm=0x8ba8a0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2aea60 | out: ppv=0x2aea60*=0x8f1c64) returned 0x0
[0176.735] CoMarshalInterface (pStm=0x8ba8a0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x8f1c64, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0176.736] WbemLocator:IUnknown:QueryInterface (in: This=0x8f1c64, riid=0x2aeb3c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x2aeb38 | out: ppvObject=0x2aeb38*=0x8ddcc8) returned 0x0
[0176.736] WbemLocator:IUnknown:Release (This=0x8f1c64) returned 0x1
[0176.736] IWbemServices:CreateInstanceEnum (in: This=0x8ddcc8, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x2aece8 | out: ppEnum=0x2aece8*=0x88e300) returned 0x0
[0176.779] IUnknown:QueryInterface (in: This=0x88e300, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb74 | out: ppvObject=0x2aeb74*=0x88e304) returned 0x0
[0176.780] IClientSecurity:QueryBlanket (in: This=0x88e304, pProxy=0x88e300, pAuthnSvc=0x2aebc4, pAuthzSvc=0x2aebc0, pServerPrincName=0x2aebb8, pAuthnLevel=0x2aebbc, pImpLevel=0x2aebac, pAuthInfo=0x2aebb0, pCapabilites=0x2aebb4 | out: pAuthnSvc=0x2aebc4*=0xa, pAuthzSvc=0x2aebc0*=0x0, pServerPrincName=0x2aebb8, pAuthnLevel=0x2aebbc*=0x6, pImpLevel=0x2aebac*=0x2, pAuthInfo=0x2aebb0, pCapabilites=0x2aebb4*=0x1) returned 0x0
[0176.780] IUnknown:Release (This=0x88e304) returned 0x1
[0176.780] IUnknown:QueryInterface (in: This=0x88e300, riid=0x713835a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb68 | out: ppvObject=0x2aeb68*=0x8f1d54) returned 0x0
[0176.780] IUnknown:QueryInterface (in: This=0x88e300, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aeb54 | out: ppvObject=0x2aeb54*=0x88e304) returned 0x0
[0176.780] IClientSecurity:SetBlanket (This=0x88e304, pProxy=0x88e300, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0176.805] IUnknown:Release (This=0x88e304) returned 0x2
[0176.805] WbemLocator:IUnknown:Release (This=0x8f1d54) returned 0x1
[0176.805] CoTaskMemFree (pv=0x8f45d8)
[0176.805] IUnknown:AddRef (This=0x88e300) returned 0x2
[0176.806] CoGetContextToken (in: pToken=0x2ae090 | out: pToken=0x2ae090) returned 0x0
[0176.806] CoGetContextToken (in: pToken=0x2ae4a4 | out: pToken=0x2ae4a4) returned 0x0
[0176.806] IUnknown:QueryInterface (in: This=0x88e300, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae43c | out: ppvObject=0x2ae43c*=0x8f1d3c) returned 0x0
[0176.806] WbemLocator:IRpcOptions:Query (in: This=0x8f1d3c, pPrx=0x8f5488, dwProperty=2, pdwValue=0x2ae530 | out: pdwValue=0x2ae530) returned 0x80004002
[0176.806] WbemLocator:IUnknown:Release (This=0x8f1d3c) returned 0x2
[0176.807] CoGetContextToken (in: pToken=0x2aea74 | out: pToken=0x2aea74) returned 0x0
[0176.807] CoGetContextToken (in: pToken=0x2ae9d4 | out: pToken=0x2ae9d4) returned 0x0
[0176.807] IUnknown:QueryInterface (in: This=0x88e300, riid=0x2aeaa4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ae970 | out: ppvObject=0x2ae970*=0x88e300) returned 0x0
[0176.807] IUnknown:Release (This=0x88e300) returned 0x2
[0176.807] WbemLocator:IUnknown:Release (This=0x8ddcc8) returned 0x0
[0176.807] SysStringLen (param_1=0x0) returned 0x0
[0176.808] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b53d8, puCount=0x2aed24 | out: puCount=0x2aed24*=0x2) returned 0x0
[0176.808] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aed20*=0x0, pszText=0x0 | out: puBuffLength=0x2aed20*=0xf, pszText=0x0) returned 0x0
[0176.808] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=4, puBuffLength=0x2aed20*=0xf, pszText="00000000000000" | out: puBuffLength=0x2aed20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0176.808] CoGetContextToken (in: pToken=0x2aeb6c | out: pToken=0x2aeb6c) returned 0x0
[0176.808] IEnumWbemClassObject:Clone (in: This=0x88e300, ppEnum=0x2aed24 | out: ppEnum=0x2aed24*=0x88e3c8) returned 0x0
[0176.811] IUnknown:QueryInterface (in: This=0x88e3c8, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aebe0 | out: ppvObject=0x2aebe0*=0x88e3cc) returned 0x0
[0176.811] IClientSecurity:QueryBlanket (in: This=0x88e3cc, pProxy=0x88e3c8, pAuthnSvc=0x2aec30, pAuthzSvc=0x2aec2c, pServerPrincName=0x2aec24, pAuthnLevel=0x2aec28, pImpLevel=0x2aec18, pAuthInfo=0x2aec1c, pCapabilites=0x2aec20 | out: pAuthnSvc=0x2aec30*=0xa, pAuthzSvc=0x2aec2c*=0x0, pServerPrincName=0x2aec24, pAuthnLevel=0x2aec28*=0x6, pImpLevel=0x2aec18*=0x2, pAuthInfo=0x2aec1c, pCapabilites=0x2aec20*=0x1) returned 0x0
[0176.811] IUnknown:Release (This=0x88e3cc) returned 0x1
[0176.811] IUnknown:QueryInterface (in: This=0x88e3c8, riid=0x713835a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aebd4 | out: ppvObject=0x2aebd4*=0x8f1c64) returned 0x0
[0176.811] IUnknown:QueryInterface (in: This=0x88e3c8, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2aebc0 | out: ppvObject=0x2aebc0*=0x88e3cc) returned 0x0
[0176.811] IClientSecurity:SetBlanket (This=0x88e3cc, pProxy=0x88e3c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0176.814] IUnknown:Release (This=0x88e3cc) returned 0x2
[0176.814] WbemLocator:IUnknown:Release (This=0x8f1c64) returned 0x1
[0176.814] CoTaskMemFree (pv=0x8f45a8)
[0176.815] IUnknown:AddRef (This=0x88e3c8) returned 0x2
[0176.815] CoGetContextToken (in: pToken=0x2ae0f0 | out: pToken=0x2ae0f0) returned 0x0
[0176.815] CoGetContextToken (in: pToken=0x2ae504 | out: pToken=0x2ae504) returned 0x0
[0176.815] IUnknown:QueryInterface (in: This=0x88e3c8, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ae49c | out: ppvObject=0x2ae49c*=0x8f1c4c) returned 0x0
[0176.815] WbemLocator:IRpcOptions:Query (in: This=0x8f1c4c, pPrx=0x907f58, dwProperty=2, pdwValue=0x2ae590 | out: pdwValue=0x2ae590) returned 0x80004002
[0176.815] WbemLocator:IUnknown:Release (This=0x8f1c4c) returned 0x2
[0176.815] CoGetContextToken (in: pToken=0x2aead4 | out: pToken=0x2aead4) returned 0x0
[0176.816] CoGetContextToken (in: pToken=0x2aea34 | out: pToken=0x2aea34) returned 0x0
[0176.816] IUnknown:QueryInterface (in: This=0x88e3c8, riid=0x2aeb04*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x2ae9d0 | out: ppvObject=0x2ae9d0*=0x88e3c8) returned 0x0
[0176.816] IUnknown:Release (This=0x88e3c8) returned 0x2
[0176.816] SysStringLen (param_1=0x0) returned 0x0
[0176.816] IEnumWbemClassObject:Reset (This=0x88e3c8) returned 0x0
[0176.824] CoTaskMemAlloc (cb=0x4) returned 0x8e5e98
[0176.825] IEnumWbemClassObject:Next (This=0x88e3c8, lTimeout=-1, uCount=0x1, apObjects=0x8e5e98, puReturned=0x21602b0)
Thread:
id = 25
os_tid = 0x9a8
Thread:
id = 26
os_tid = 0x830
[0156.384] CoGetContextToken (in: pToken=0x44af62c | out: pToken=0x44af62c) returned 0x800401f0
[0156.384] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 27
os_tid = 0x834
Thread:
id = 28
os_tid = 0x82c
Thread:
id = 29
os_tid = 0x838
Thread:
id = 30
os_tid = 0x3a0
Thread:
id = 104
os_tid = 0xa28
[0173.995] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0174.053] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x55ef2dc | out: lpiid=0x55ef2dc) returned 0x0
[0174.057] CoGetClassObject (in: rclsid=0x8dc364*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e16bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55eeff8 | out: ppv=0x55eeff8*=0x8e5be8) returned 0x0
[0174.057] WbemDefPath:IUnknown:QueryInterface (in: This=0x8e5be8, riid=0x71dddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x55ef210 | out: ppvObject=0x55ef210*=0x0) returned 0x80004002
[0174.057] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8e5be8, pUnkOuter=0x0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ef21c | out: ppvObject=0x55ef21c*=0x8b52f8) returned 0x0
[0174.058] WbemDefPath:IUnknown:Release (This=0x8e5be8) returned 0x0
[0174.058] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eee3c | out: ppvObject=0x55eee3c*=0x8b52f8) returned 0x0
[0174.058] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x55eedf0 | out: ppvObject=0x55eedf0*=0x0) returned 0x80004002
[0174.059] WbemDefPath:IUnknown:AddRef (This=0x8b52f8) returned 0x3
[0174.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x55ee74c | out: ppvObject=0x55ee74c*=0x0) returned 0x80004002
[0174.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x55ee6fc | out: ppvObject=0x55ee6fc*=0x0) returned 0x80004002
[0174.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ee708 | out: ppvObject=0x55ee708*=0x8e5bc8) returned 0x0
[0174.059] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8e5bc8, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x55ee710 | out: pCid=0x55ee710*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0174.059] WbemDefPath:IUnknown:Release (This=0x8e5bc8) returned 0x3
[0174.059] CoGetContextToken (in: pToken=0x55ee768 | out: pToken=0x55ee768) returned 0x0
[0174.061] CoGetContextToken (in: pToken=0x55eeb7c | out: pToken=0x55eeb7c) returned 0x0
[0174.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b52f8, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eebfc | out: ppvObject=0x55eebfc*=0x0) returned 0x80004002
[0174.061] WbemDefPath:IUnknown:Release (This=0x8b52f8) returned 0x2
[0174.061] WbemDefPath:IUnknown:Release (This=0x8b52f8) returned 0x1
[0174.061] SetEvent (hEvent=0x2b8) returned 1
[0174.076] CoGetClassObject (in: rclsid=0x8dc364*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e16bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55eeff8 | out: ppv=0x55eeff8*=0x8e5d08) returned 0x0
[0174.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x8e5d08, riid=0x71dddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x55ef210 | out: ppvObject=0x55ef210*=0x0) returned 0x80004002
[0174.076] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8e5d08, pUnkOuter=0x0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ef21c | out: ppvObject=0x55ef21c*=0x8b5368) returned 0x0
[0174.076] WbemDefPath:IUnknown:Release (This=0x8e5d08) returned 0x0
[0174.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eee3c | out: ppvObject=0x55eee3c*=0x8b5368) returned 0x0
[0174.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x55eedf0 | out: ppvObject=0x55eedf0*=0x0) returned 0x80004002
[0174.077] WbemDefPath:IUnknown:AddRef (This=0x8b5368) returned 0x3
[0174.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x55ee74c | out: ppvObject=0x55ee74c*=0x0) returned 0x80004002
[0174.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x55ee6fc | out: ppvObject=0x55ee6fc*=0x0) returned 0x80004002
[0174.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ee708 | out: ppvObject=0x55ee708*=0x8e5d18) returned 0x0
[0174.077] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8e5d18, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x55ee710 | out: pCid=0x55ee710*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0174.077] WbemDefPath:IUnknown:Release (This=0x8e5d18) returned 0x3
[0174.077] CoGetContextToken (in: pToken=0x55ee768 | out: pToken=0x55ee768) returned 0x0
[0174.077] CoGetContextToken (in: pToken=0x55eeb7c | out: pToken=0x55eeb7c) returned 0x0
[0174.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5368, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eebfc | out: ppvObject=0x55eebfc*=0x0) returned 0x80004002
[0174.077] WbemDefPath:IUnknown:Release (This=0x8b5368) returned 0x2
[0174.077] WbemDefPath:IUnknown:Release (This=0x8b5368) returned 0x1
[0174.077] SetEvent (hEvent=0x2ec) returned 1
[0174.080] CoGetClassObject (in: rclsid=0x8dc364*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e16bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55eeff8 | out: ppv=0x55eeff8*=0x8e5d48) returned 0x0
[0174.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x8e5d48, riid=0x71dddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x55ef210 | out: ppvObject=0x55ef210*=0x0) returned 0x80004002
[0174.080] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8e5d48, pUnkOuter=0x0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ef21c | out: ppvObject=0x55ef21c*=0x8b53d8) returned 0x0
[0174.080] WbemDefPath:IUnknown:Release (This=0x8e5d48) returned 0x0
[0174.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eee3c | out: ppvObject=0x55eee3c*=0x8b53d8) returned 0x0
[0174.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x55eedf0 | out: ppvObject=0x55eedf0*=0x0) returned 0x80004002
[0174.081] WbemDefPath:IUnknown:AddRef (This=0x8b53d8) returned 0x3
[0174.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x55ee74c | out: ppvObject=0x55ee74c*=0x0) returned 0x80004002
[0174.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x55ee6fc | out: ppvObject=0x55ee6fc*=0x0) returned 0x80004002
[0174.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ee708 | out: ppvObject=0x55ee708*=0x8e5d58) returned 0x0
[0174.081] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8e5d58, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x55ee710 | out: pCid=0x55ee710*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0174.081] WbemDefPath:IUnknown:Release (This=0x8e5d58) returned 0x3
[0174.081] CoGetContextToken (in: pToken=0x55ee768 | out: pToken=0x55ee768) returned 0x0
[0174.081] CoGetContextToken (in: pToken=0x55eeb7c | out: pToken=0x55eeb7c) returned 0x0
[0174.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b53d8, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eebfc | out: ppvObject=0x55eebfc*=0x0) returned 0x80004002
[0174.081] WbemDefPath:IUnknown:Release (This=0x8b53d8) returned 0x2
[0174.081] WbemDefPath:IUnknown:Release (This=0x8b53d8) returned 0x1
[0174.081] SetEvent (hEvent=0x2f0) returned 1
[0176.732] CoGetClassObject (in: rclsid=0x8dc364*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e16bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x55eeff8 | out: ppv=0x55eeff8*=0x8e5df8) returned 0x0
[0176.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x8e5df8, riid=0x71dddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x55ef210 | out: ppvObject=0x55ef210*=0x0) returned 0x80004002
[0176.732] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8e5df8, pUnkOuter=0x0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ef21c | out: ppvObject=0x55ef21c*=0x8b5448) returned 0x0
[0176.732] WbemDefPath:IUnknown:Release (This=0x8e5df8) returned 0x0
[0176.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eee3c | out: ppvObject=0x55eee3c*=0x8b5448) returned 0x0
[0176.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x55eedf0 | out: ppvObject=0x55eedf0*=0x0) returned 0x80004002
[0176.733] WbemDefPath:IUnknown:AddRef (This=0x8b5448) returned 0x3
[0176.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x55ee74c | out: ppvObject=0x55ee74c*=0x0) returned 0x80004002
[0176.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x55ee6fc | out: ppvObject=0x55ee6fc*=0x0) returned 0x80004002
[0176.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55ee708 | out: ppvObject=0x55ee708*=0x8e5e08) returned 0x0
[0176.733] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8e5e08, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x55ee710 | out: pCid=0x55ee710*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0176.733] WbemDefPath:IUnknown:Release (This=0x8e5e08) returned 0x3
[0176.733] CoGetContextToken (in: pToken=0x55ee768 | out: pToken=0x55ee768) returned 0x0
[0176.733] CoGetContextToken (in: pToken=0x55eeb7c | out: pToken=0x55eeb7c) returned 0x0
[0176.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x8b5448, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x55eebfc | out: ppvObject=0x55eebfc*=0x0) returned 0x80004002
[0176.733] WbemDefPath:IUnknown:Release (This=0x8b5448) returned 0x2
[0176.733] WbemDefPath:IUnknown:Release (This=0x8b5448) returned 0x1
[0176.733] SetEvent (hEvent=0x344) returned 1
Thread:
id = 105
os_tid = 0x9c4
[0174.091] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0174.092] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x589f3c4 | out: lpiid=0x589f3c4) returned 0x0
[0174.094] CoGetClassObject (in: rclsid=0x8f43d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x71e16bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x589f0e0 | out: ppv=0x589f0e0*=0x8f5440) returned 0x0
[0174.095] WbemLocator:IUnknown:QueryInterface (in: This=0x8f5440, riid=0x71dddd3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x589f2f8 | out: ppvObject=0x589f2f8*=0x0) returned 0x80004002
[0174.095] WbemLocator:IClassFactory:CreateInstance (in: This=0x8f5440, pUnkOuter=0x0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589f304 | out: ppvObject=0x589f304*=0x8e5d88) returned 0x0
[0174.095] WbemLocator:IUnknown:Release (This=0x8f5440) returned 0x0
[0174.095] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589ef24 | out: ppvObject=0x589ef24*=0x8e5d88) returned 0x0
[0174.095] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71db1b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x589eed8 | out: ppvObject=0x589eed8*=0x0) returned 0x80004002
[0174.095] WbemLocator:IUnknown:AddRef (This=0x8e5d88) returned 0x3
[0174.095] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71db182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x589e834 | out: ppvObject=0x589e834*=0x0) returned 0x80004002
[0174.095] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71db1764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x589e7e4 | out: ppvObject=0x589e7e4*=0x0) returned 0x80004002
[0174.096] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71ce1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589e7f0 | out: ppvObject=0x589e7f0*=0x0) returned 0x80004002
[0174.096] CoGetContextToken (in: pToken=0x589e850 | out: pToken=0x589e850) returned 0x0
[0174.096] CoGetObjectContext (in: riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f5444 | out: ppv=0x8f5444*=0x890e98) returned 0x0
[0174.104] CoGetContextToken (in: pToken=0x589ec64 | out: pToken=0x589ec64) returned 0x0
[0174.104] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589ece4 | out: ppvObject=0x589ece4*=0x0) returned 0x80004002
[0174.105] WbemLocator:IUnknown:Release (This=0x8e5d88) returned 0x2
[0174.105] WbemLocator:IUnknown:Release (This=0x8e5d88) returned 0x1
[0174.105] CoGetContextToken (in: pToken=0x589f2dc | out: pToken=0x589f2dc) returned 0x0
[0174.105] CoGetContextToken (in: pToken=0x589f23c | out: pToken=0x589f23c) returned 0x0
[0174.105] WbemLocator:IUnknown:QueryInterface (in: This=0x8e5d88, riid=0x589f30c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x589f308 | out: ppvObject=0x589f308*=0x8e5d88) returned 0x0
[0174.105] WbemLocator:IUnknown:AddRef (This=0x8e5d88) returned 0x3
[0174.105] WbemLocator:IUnknown:Release (This=0x8e5d88) returned 0x2
[0174.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8b53d8, puCount=0x589f49c | out: puCount=0x589f49c*=0x2) returned 0x0
[0174.110] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=8, puBuffLength=0x589f498*=0x0, pszText=0x0 | out: puBuffLength=0x589f498*=0xf, pszText=0x0) returned 0x0
[0174.110] WbemDefPath:IWbemPath:GetText (in: This=0x8b53d8, lFlags=8, puBuffLength=0x589f498*=0xf, pszText="00000000000000" | out: puBuffLength=0x589f498*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0174.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x589e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0174.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x589ebe8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63
[0174.123] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x71380000
[0174.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x589ec1c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymµnÅ\x94ÛÝDþÊqøî\x89\x05\x01", lpUsedDefaultChar=0x0) returned 13
[0174.341] GetProcAddress (hModule=0x71380000, lpProcName="ResetSecurity") returned 0x71387dd0
[0174.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x589ec1c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11
[0174.374] GetProcAddress (hModule=0x71380000, lpProcName="SetSecurity") returned 0x71387e20
[0174.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x589ec18, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 18
[0174.389] GetProcAddress (hModule=0x71380000, lpProcName="BlessIWbemServices") returned 0x71386e70
[0174.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x589ec10, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 24
[0174.568] GetProcAddress (hModule=0x71380000, lpProcName="BlessIWbemServicesObject") returned 0x71386ed0
[0174.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x589ec18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 17
[0174.686] GetProcAddress (hModule=0x71380000, lpProcName="GetPropertyHandle") returned 0x71387820
[0174.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x589ec18, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 18
[0174.709] GetProcAddress (hModule=0x71380000, lpProcName="WritePropertyValue") returned 0x71387fa0
[0174.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x589ec24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 5
[0174.872] GetProcAddress (hModule=0x71380000, lpProcName="Clone") returned 0x71386f30
[0174.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x589ec18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15
[0174.896] GetProcAddress (hModule=0x71380000, lpProcName="VerifyClientKey") returned 0x71387f20
[0175.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x589ec18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15
[0175.003] GetProcAddress (hModule=0x71380000, lpProcName="GetQualifierSet") returned 0x713878e0
[0175.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x589ec24, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3
[0175.006] GetProcAddress (hModule=0x71380000, lpProcName="Get") returned 0x713875c0
[0175.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x589ec24, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3
[0175.034] GetProcAddress (hModule=0x71380000, lpProcName="Put") returned 0x71387a00
[0175.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x589ec24, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 6
[0175.136] GetProcAddress (hModule=0x71380000, lpProcName="Delete") returned 0x71387300
[0175.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x589ec20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 8
[0175.177] GetProcAddress (hModule=0x71380000, lpProcName="GetNames") returned 0x713877c0
[0175.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x589ec18, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 16
[0175.392] GetProcAddress (hModule=0x71380000, lpProcName="BeginEnumeration") returned 0x71386e30
[0175.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x589ec24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 4
[0175.406] GetProcAddress (hModule=0x71380000, lpProcName="Next") returned 0x713879a0
[0175.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x589ec1c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 14
[0175.479] GetProcAddress (hModule=0x71380000, lpProcName="EndEnumeration") returned 0x713873c0
[0175.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x589ec10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23
[0175.493] GetProcAddress (hModule=0x71380000, lpProcName="GetPropertyQualifierSet") returned 0x713878b0
[0175.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x589ec24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 5
[0175.511] GetProcAddress (hModule=0x71380000, lpProcName="Clone") returned 0x71386f30
[0175.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x589ec1c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 13
[0175.512] GetProcAddress (hModule=0x71380000, lpProcName="GetObjectText") returned 0x713877f0
[0175.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x589ec18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 17
[0175.584] GetProcAddress (hModule=0x71380000, lpProcName="SpawnDerivedClass") returned 0x71387e80
[0175.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x589ec1c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 13
[0175.604] GetProcAddress (hModule=0x71380000, lpProcName="SpawnInstance") returned 0x71387eb0
[0175.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x589ec20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 9
[0175.607] GetProcAddress (hModule=0x71380000, lpProcName="CompareTo") returned 0x71387020
[0175.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x589ec18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 17
[0175.636] GetProcAddress (hModule=0x71380000, lpProcName="GetPropertyOrigin") returned 0x71387880
[0175.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x589ec1c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 12
[0175.658] GetProcAddress (hModule=0x71380000, lpProcName="InheritsFrom") returned 0x71387900
[0175.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x589ec20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 9
[0175.661] GetProcAddress (hModule=0x71380000, lpProcName="GetMethod") returned 0x71387730
[0175.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x589ec20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 9
[0175.708] GetProcAddress (hModule=0x71380000, lpProcName="PutMethod") returned 0x71387bf0
[0175.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x589ec1c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 12
[0175.763] GetProcAddress (hModule=0x71380000, lpProcName="DeleteMethod") returned 0x71387320
[0175.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x589ec14, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 22
[0175.766] GetProcAddress (hModule=0x71380000, lpProcName="BeginMethodEnumeration") returned 0x71386e50
[0175.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x589ec20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 10
[0175.768] GetProcAddress (hModule=0x71380000, lpProcName="NextMethod") returned 0x713879d0
[0175.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x589ec14, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 20
[0175.804] GetProcAddress (hModule=0x71380000, lpProcName="EndMethodEnumeration") returned 0x713873e0
[0175.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x589ec14, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 21
[0175.807] GetProcAddress (hModule=0x71380000, lpProcName="GetMethodQualifierSet") returned 0x71387790
[0175.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x589ec18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15
[0175.809] GetProcAddress (hModule=0x71380000, lpProcName="GetMethodOrigin") returned 0x71387760
[0175.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x589ec18, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 16
[0175.811] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_Get") returned 0x71387c80
[0175.852] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x589ec18, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 16
[0175.853] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_Put") returned 0x71387d10
[0175.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x589ec14, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19
[0175.876] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_Delete") returned 0x71387c40
[0175.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x589ec14, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 21
[0175.879] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_GetNames") returned 0x71387cb0
[0175.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x589ec0c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 29
[0175.937] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_BeginEnumeration") returned 0x71387c20
[0175.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x589ec18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 17
[0175.939] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_Next") returned 0x71387ce0
[0175.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x589ec0c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27
[0175.964] GetProcAddress (hModule=0x71380000, lpProcName="QualifierSet_EndEnumeration") returned 0x71387c60
[0175.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x589ec10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23
[0175.967] GetProcAddress (hModule=0x71380000, lpProcName="GetCurrentApartmentType") returned 0x713878e0
[0175.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x589ec14, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 20
[0175.984] GetProcAddress (hModule=0x71380000, lpProcName="GetDemultiplexedStub") returned 0x713875f0
[0176.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x589ec14, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 21
[0176.005] GetProcAddress (hModule=0x71380000, lpProcName="CreateInstanceEnumWmi") returned 0x71387230
[0176.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x589ec18, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 18
[0176.087] GetProcAddress (hModule=0x71380000, lpProcName="CreateClassEnumWmi") returned 0x71387160
[0176.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x589ec1c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 12
[0176.089] GetProcAddress (hModule=0x71380000, lpProcName="ExecQueryWmi") returned 0x713874e0
[0176.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x589ec10, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 24
[0176.156] GetProcAddress (hModule=0x71380000, lpProcName="ExecNotificationQueryWmi") returned 0x71387400
[0176.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x589ec1c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 14
[0176.159] GetProcAddress (hModule=0x71380000, lpProcName="PutInstanceWmi") returned 0x71387b10
[0176.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x589ec1c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11
[0176.221] GetProcAddress (hModule=0x71380000, lpProcName="PutClassWmi") returned 0x71387a30
[0176.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x589ec10, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 24
[0176.224] GetProcAddress (hModule=0x71380000, lpProcName="CloneEnumWbemClassObject") returned 0x71386f50
[0176.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x589ec18, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 16
[0176.318] GetProcAddress (hModule=0x71380000, lpProcName="ConnectServerWmi") returned 0x71387050
[0176.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x589ec1c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfo»mµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 12
[0176.388] GetProcAddress (hModule=0x71380000, lpProcName="GetErrorInfo") returned 0x71387650
[0176.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x589ec20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeµnÅ\x94ÛÝDþÊqøî\x89\x05", lpUsedDefaultChar=0x0) returned 10
[0176.397] GetProcAddress (hModule=0x71380000, lpProcName="Initialize") returned 0x71387920
[0176.411] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x589ebd0 | out: phkResult=0x589ebd0*=0x318) returned 0x0
[0176.411] RegQueryValueExW (in: hKey=0x318, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x589ebec, lpData=0x0, lpcbData=0x589ebe8*=0x0 | out: lpType=0x589ebec*=0x0, lpData=0x0, lpcbData=0x589ebe8*=0x0) returned 0x2
[0176.412] RegCloseKey (hKey=0x318) returned 0x0
[0176.412] CoCreateInstance (in: rclsid=0x71383734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x71383794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x589f348 | out: ppv=0x589f348*=0x8e5dc8) returned 0x0
[0176.413] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8e5dc8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x589f3e8 | out: ppNamespace=0x589f3e8*=0x8ddb38) returned 0x0
[0176.509] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589f26c | out: ppvObject=0x589f26c*=0x8f1a64) returned 0x0
[0176.510] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x8f1a64, pProxy=0x8ddb38, pAuthnSvc=0x589f2bc, pAuthzSvc=0x589f2b8, pServerPrincName=0x589f2b0, pAuthnLevel=0x589f2b4, pImpLevel=0x589f2a4, pAuthInfo=0x589f2a8, pCapabilites=0x589f2ac | out: pAuthnSvc=0x589f2bc*=0xa, pAuthzSvc=0x589f2b8*=0x0, pServerPrincName=0x589f2b0, pAuthnLevel=0x589f2b4*=0x6, pImpLevel=0x589f2a4*=0x2, pAuthInfo=0x589f2a8, pCapabilites=0x589f2ac*=0x1) returned 0x0
[0176.510] WbemLocator:IUnknown:Release (This=0x8f1a64) returned 0x1
[0176.510] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x713835a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589f260 | out: ppvObject=0x589f260*=0x8f1a84) returned 0x0
[0176.510] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x713835b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589f24c | out: ppvObject=0x589f24c*=0x8f1a64) returned 0x0
[0176.510] WbemLocator:IClientSecurity:SetBlanket (This=0x8f1a64, pProxy=0x8ddb38, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0176.510] WbemLocator:IUnknown:Release (This=0x8f1a64) returned 0x2
[0176.511] WbemLocator:IUnknown:Release (This=0x8f1a84) returned 0x1
[0176.511] CoTaskMemFree (pv=0x8f4458)
[0176.511] WbemLocator:IUnknown:AddRef (This=0x8ddb38) returned 0x2
[0176.511] WbemLocator:IUnknown:Release (This=0x8e5dc8) returned 0x0
[0176.512] CoGetContextToken (in: pToken=0x589e7a0 | out: pToken=0x589e7a0) returned 0x0
[0176.513] CoGetContextToken (in: pToken=0x589ebb4 | out: pToken=0x589ebb4) returned 0x0
[0176.513] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x71db1aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x589eb4c | out: ppvObject=0x589eb4c*=0x8f1a6c) returned 0x0
[0176.513] WbemLocator:IRpcOptions:Query (in: This=0x8f1a6c, pPrx=0x8f55c0, dwProperty=2, pdwValue=0x589ec40 | out: pdwValue=0x589ec40) returned 0x80004002
[0176.513] WbemLocator:IUnknown:Release (This=0x8f1a6c) returned 0x2
[0176.514] CoGetContextToken (in: pToken=0x589f184 | out: pToken=0x589f184) returned 0x0
[0176.514] CoGetContextToken (in: pToken=0x589f0e4 | out: pToken=0x589f0e4) returned 0x0
[0176.514] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x589f1b4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x589f080 | out: ppvObject=0x589f080*=0x8ddb38) returned 0x0
[0176.514] WbemLocator:IUnknown:Release (This=0x8ddb38) returned 0x2
[0176.523] SysStringLen (param_1=0x0) returned 0x0
[0176.525] CoUninitialize ()
Thread:
id = 112
os_tid = 0x7cc
[0176.578] CoGetContextToken (in: pToken=0x575f634 | out: pToken=0x575f634) returned 0x0
[0176.578] CoGetContextToken (in: pToken=0x575f61c | out: pToken=0x575f61c) returned 0x0
[0176.579] CoGetMarshalSizeMax (in: pulSize=0x575f5d8, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x8f55c0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x575f5d8) returned 0x0
[0176.581] CoMarshalInterface (pStm=0x8ba8a0, riid=0x71cc2a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x8f55c0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
Thread:
id = 113
os_tid = 0x140
[0176.618] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x8c44d0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58eeef0 | out: ppvObject=0x58eeef0*=0x8ddb38) returned 0x0
[0176.618] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x714762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58eee8c | out: ppvObject=0x58eee8c*=0x8ddb38) returned 0x0
[0176.619] WbemLocator:IUnknown:QueryInterface (in: This=0x8ddb38, riid=0x714762ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x58eee44 | out: ppvObject=0x58eee44*=0x8ddb38) returned 0x0
[0176.665] IWbemServices:GetObject (in: This=0x8ddb38, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x58ef00c*=0x0, ppCallResult=0x0 | out: ppObject=0x58ef00c*=0x907ab0, ppCallResult=0x0) returned 0x0
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x6d3a000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "5"
os_parent_pid = "0x1c4"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d8ed" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1987
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1988
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1989
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1990
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1991
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1992
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1993
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 1994
start_va = 0x80000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 1995
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 1996
start_va = 0x190000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 1997
start_va = 0x210000
end_va = 0x276fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1998
start_va = 0x280000
end_va = 0x280fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wshtcpip.dll.mui"
filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui")
Region:
id = 1999
start_va = 0x290000
end_va = 0x290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wship6.dll.mui"
filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui")
Region:
id = 2000
start_va = 0x2a0000
end_va = 0x2a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002a0000"
filename = ""
Region:
id = 2001
start_va = 0x2b0000
end_va = 0x2b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002b0000"
filename = ""
Region:
id = 2002
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 2003
start_va = 0x2d0000
end_va = 0x2d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 2004
start_va = 0x2e0000
end_va = 0x2e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 2005
start_va = 0x2f0000
end_va = 0x2f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wuaueng.dll.mui"
filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui")
Region:
id = 2006
start_va = 0x300000
end_va = 0x300fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 2007
start_va = 0x310000
end_va = 0x31afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 2008
start_va = 0x320000
end_va = 0x32cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2009
start_va = 0x330000
end_va = 0x33ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 2010
start_va = 0x340000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 2011
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 2012
start_va = 0x5d0000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 2013
start_va = 0x760000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 2014
start_va = 0x8a0000
end_va = 0x8a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 2015
start_va = 0x8b0000
end_va = 0x8b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 2016
start_va = 0x8c0000
end_va = 0x8c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2017
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 2018
start_va = 0x8e0000
end_va = 0x8e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008e0000"
filename = ""
Region:
id = 2019
start_va = 0x8f0000
end_va = 0x8f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2020
start_va = 0x900000
end_va = 0x901fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 2021
start_va = 0x910000
end_va = 0x98ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 2022
start_va = 0x990000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 2023
start_va = 0x9c0000
end_va = 0xa3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 2024
start_va = 0xa40000
end_va = 0xa43fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2025
start_va = 0xa50000
end_va = 0xab5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 2026
start_va = 0xac0000
end_va = 0xacdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 2027
start_va = 0xb50000
end_va = 0xe1efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2028
start_va = 0xe20000
end_va = 0xe27fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 2029
start_va = 0xe30000
end_va = 0xe30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e30000"
filename = ""
Region:
id = 2030
start_va = 0xe40000
end_va = 0xe5bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 2031
start_va = 0xe60000
end_va = 0xe60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e60000"
filename = ""
Region:
id = 2032
start_va = 0xe70000
end_va = 0xe70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e70000"
filename = ""
Region:
id = 2033
start_va = 0xe80000
end_va = 0xe99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 2034
start_va = 0xea0000
end_va = 0xea0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ea0000"
filename = ""
Region:
id = 2035
start_va = 0xeb0000
end_va = 0xeb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 2036
start_va = 0xec0000
end_va = 0xecffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ec0000"
filename = ""
Region:
id = 2037
start_va = 0xed0000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ed0000"
filename = ""
Region:
id = 2038
start_va = 0xee0000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ee0000"
filename = ""
Region:
id = 2039
start_va = 0xef0000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ef0000"
filename = ""
Region:
id = 2040
start_va = 0xf00000
end_va = 0xf0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f00000"
filename = ""
Region:
id = 2041
start_va = 0xf10000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 2042
start_va = 0xf20000
end_va = 0xf27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 2043
start_va = 0xf30000
end_va = 0xf3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 2044
start_va = 0xf40000
end_va = 0xfbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 2045
start_va = 0xfc0000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 2046
start_va = 0xfd0000
end_va = 0xfdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fd0000"
filename = ""
Region:
id = 2047
start_va = 0xfe0000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fe0000"
filename = ""
Region:
id = 2048
start_va = 0x1060000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001060000"
filename = ""
Region:
id = 2049
start_va = 0x10e0000
end_va = 0x115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 2050
start_va = 0x1160000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001160000"
filename = ""
Region:
id = 2051
start_va = 0x11e0000
end_va = 0x11e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011e0000"
filename = ""
Region:
id = 2052
start_va = 0x11f0000
end_va = 0x11f1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 2053
start_va = 0x1200000
end_va = 0x1200fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2054
start_va = 0x1290000
end_va = 0x129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001290000"
filename = ""
Region:
id = 2055
start_va = 0x12a0000
end_va = 0x131ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012a0000"
filename = ""
Region:
id = 2056
start_va = 0x1320000
end_va = 0x1327fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 2057
start_va = 0x1330000
end_va = 0x133ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 2058
start_va = 0x1340000
end_va = 0x13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 2059
start_va = 0x13c0000
end_va = 0x13cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 2060
start_va = 0x13d0000
end_va = 0x13d7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 2061
start_va = 0x13e0000
end_va = 0x13effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2062
start_va = 0x13f0000
end_va = 0x13fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 2063
start_va = 0x1400000
end_va = 0x140ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2064
start_va = 0x1410000
end_va = 0x148ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 2065
start_va = 0x1490000
end_va = 0x149ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001490000"
filename = ""
Region:
id = 2066
start_va = 0x14a0000
end_va = 0x14affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014a0000"
filename = ""
Region:
id = 2067
start_va = 0x14b0000
end_va = 0x14bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014b0000"
filename = ""
Region:
id = 2068
start_va = 0x14c0000
end_va = 0x14cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014c0000"
filename = ""
Region:
id = 2069
start_va = 0x14d0000
end_va = 0x14dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014d0000"
filename = ""
Region:
id = 2070
start_va = 0x14e0000
end_va = 0x14effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014e0000"
filename = ""
Region:
id = 2071
start_va = 0x1570000
end_va = 0x157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 2072
start_va = 0x1580000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001580000"
filename = ""
Region:
id = 2073
start_va = 0x1600000
end_va = 0x167ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 2074
start_va = 0x1680000
end_va = 0x168ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001680000"
filename = ""
Region:
id = 2075
start_va = 0x1690000
end_va = 0x1697fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001690000"
filename = ""
Region:
id = 2076
start_va = 0x16a0000
end_va = 0x16affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016a0000"
filename = ""
Region:
id = 2077
start_va = 0x16f0000
end_va = 0x176ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016f0000"
filename = ""
Region:
id = 2078
start_va = 0x1780000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001780000"
filename = ""
Region:
id = 2079
start_va = 0x1800000
end_va = 0x187ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 2080
start_va = 0x18b0000
end_va = 0x192ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018b0000"
filename = ""
Region:
id = 2081
start_va = 0x1930000
end_va = 0x19affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001930000"
filename = ""
Region:
id = 2082
start_va = 0x19c0000
end_va = 0x1a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019c0000"
filename = ""
Region:
id = 2083
start_va = 0x1ab0000
end_va = 0x1b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ab0000"
filename = ""
Region:
id = 2084
start_va = 0x1b30000
end_va = 0x1baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b30000"
filename = ""
Region:
id = 2085
start_va = 0x1bb0000
end_va = 0x1caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001bb0000"
filename = ""
Region:
id = 2086
start_va = 0x1cb0000
end_va = 0x1daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cb0000"
filename = ""
Region:
id = 2087
start_va = 0x1e20000
end_va = 0x1e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e20000"
filename = ""
Region:
id = 2088
start_va = 0x1ea0000
end_va = 0x1f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 2089
start_va = 0x1fd0000
end_va = 0x204ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fd0000"
filename = ""
Region:
id = 2090
start_va = 0x2070000
end_va = 0x20effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 2091
start_va = 0x2120000
end_va = 0x219ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 2092
start_va = 0x21e0000
end_va = 0x225ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 2093
start_va = 0x2260000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002260000"
filename = ""
Region:
id = 2094
start_va = 0x22a0000
end_va = 0x22dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022a0000"
filename = ""
Region:
id = 2095
start_va = 0x22e0000
end_va = 0x22effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022e0000"
filename = ""
Region:
id = 2096
start_va = 0x22f0000
end_va = 0x23effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022f0000"
filename = ""
Region:
id = 2097
start_va = 0x2460000
end_va = 0x24dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002460000"
filename = ""
Region:
id = 2098
start_va = 0x24e0000
end_va = 0x255ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024e0000"
filename = ""
Region:
id = 2099
start_va = 0x2560000
end_va = 0x265ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 2100
start_va = 0x2660000
end_va = 0x266ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 2101
start_va = 0x2670000
end_va = 0x276ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 2102
start_va = 0x2800000
end_va = 0x280ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2103
start_va = 0x2840000
end_va = 0x28bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2104
start_va = 0x28c0000
end_va = 0x293ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 2105
start_va = 0x29e0000
end_va = 0x2a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 2106
start_va = 0x2b10000
end_va = 0x2b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 2107
start_va = 0x2b90000
end_va = 0x2c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b90000"
filename = ""
Region:
id = 2108
start_va = 0x2c50000
end_va = 0x2ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c50000"
filename = ""
Region:
id = 2109
start_va = 0x2d40000
end_va = 0x2dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d40000"
filename = ""
Region:
id = 2110
start_va = 0x2dc0000
end_va = 0x2fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002dc0000"
filename = ""
Region:
id = 2111
start_va = 0x2fc0000
end_va = 0x30bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fc0000"
filename = ""
Region:
id = 2112
start_va = 0x30e0000
end_va = 0x315ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030e0000"
filename = ""
Region:
id = 2113
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 2114
start_va = 0x3400000
end_va = 0x347ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003400000"
filename = ""
Region:
id = 2115
start_va = 0x34b0000
end_va = 0x352ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000034b0000"
filename = ""
Region:
id = 2116
start_va = 0x35d0000
end_va = 0x364ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000035d0000"
filename = ""
Region:
id = 2117
start_va = 0x3650000
end_va = 0x374ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003650000"
filename = ""
Region:
id = 2118
start_va = 0x38e0000
end_va = 0x395ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038e0000"
filename = ""
Region:
id = 2119
start_va = 0x39b0000
end_va = 0x3a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039b0000"
filename = ""
Region:
id = 2120
start_va = 0x3a90000
end_va = 0x3b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a90000"
filename = ""
Region:
id = 2121
start_va = 0x3b90000
end_va = 0x3c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b90000"
filename = ""
Region:
id = 2122
start_va = 0x3c10000
end_va = 0x400ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c10000"
filename = ""
Region:
id = 2123
start_va = 0x4030000
end_va = 0x40affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004030000"
filename = ""
Region:
id = 2124
start_va = 0x4160000
end_va = 0x41dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004160000"
filename = ""
Region:
id = 2125
start_va = 0x4360000
end_va = 0x441ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2126
start_va = 0x44b0000
end_va = 0x46affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044b0000"
filename = ""
Region:
id = 2127
start_va = 0x4820000
end_va = 0x491ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004820000"
filename = ""
Region:
id = 2128
start_va = 0x49a0000
end_va = 0x4a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049a0000"
filename = ""
Region:
id = 2129
start_va = 0x4aa0000
end_va = 0x4b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004aa0000"
filename = ""
Region:
id = 2130
start_va = 0x4ba0000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ba0000"
filename = ""
Region:
id = 2131
start_va = 0x4d40000
end_va = 0x4dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d40000"
filename = ""
Region:
id = 2132
start_va = 0x4dc0000
end_va = 0x4ebffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004dc0000"
filename = ""
Region:
id = 2133
start_va = 0x4ec0000
end_va = 0x4fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ec0000"
filename = ""
Region:
id = 2134
start_va = 0x4fc0000
end_va = 0x5fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fc0000"
filename = ""
Region:
id = 2135
start_va = 0x5ff0000
end_va = 0x606ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ff0000"
filename = ""
Region:
id = 2136
start_va = 0x6140000
end_va = 0x61bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006140000"
filename = ""
Region:
id = 2137
start_va = 0x6370000
end_va = 0x63effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006370000"
filename = ""
Region:
id = 2138
start_va = 0x63f0000
end_va = 0x67effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000063f0000"
filename = ""
Region:
id = 2139
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2140
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2141
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2142
start_va = 0x77140000
end_va = 0x77146fff
monitored = 0
entry_point = 0x7714106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 2143
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2144
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2145
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2146
start_va = 0xff870000
end_va = 0xff87afff
monitored = 0
entry_point = 0xff87246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2147
start_va = 0x7fef01f0000
end_va = 0x7fef0442fff
monitored = 0
entry_point = 0x7fef01f236c
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 2148
start_va = 0x7fef1670000
end_va = 0x7fef1843fff
monitored = 0
entry_point = 0x7fef16a6b00
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 2149
start_va = 0x7fef1af0000
end_va = 0x7fef1bc1fff
monitored = 0
entry_point = 0x7fef1b81a10
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 2150
start_va = 0x7fef1bd0000
end_va = 0x7fef1bd9fff
monitored = 0
entry_point = 0x7fef1bd3994
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 2151
start_va = 0x7fef1d90000
end_va = 0x7fef1d9efff
monitored = 0
entry_point = 0x7fef1d99a48
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 2152
start_va = 0x7fef2000000
end_va = 0x7fef2019fff
monitored = 0
entry_point = 0x7fef2011ae4
region_type = mapped_file
name = "rascfg.dll"
filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")
Region:
id = 2153
start_va = 0x7fef3710000
end_va = 0x7fef371efff
monitored = 0
entry_point = 0x7fef3716894
region_type = mapped_file
name = "ndiscapcfg.dll"
filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")
Region:
id = 2154
start_va = 0x7fef3810000
end_va = 0x7fef382bfff
monitored = 0
entry_point = 0x7fef38111a0
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 2155
start_va = 0x7fef3830000
end_va = 0x7fef3891fff
monitored = 0
entry_point = 0x7fef3831198
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 2156
start_va = 0x7fef38a0000
end_va = 0x7fef38d9fff
monitored = 0
entry_point = 0x7fef38a1010
region_type = mapped_file
name = "mprapi.dll"
filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")
Region:
id = 2157
start_va = 0x7fef3ff0000
end_va = 0x7fef4269fff
monitored = 0
entry_point = 0x7fef4022200
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 2158
start_va = 0x7fef49c0000
end_va = 0x7fef4aadfff
monitored = 0
entry_point = 0x7fef49c12a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2159
start_va = 0x7fef4b60000
end_va = 0x7fef4b7cfff
monitored = 0
entry_point = 0x7fef4b62f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 2160
start_va = 0x7fef4dd0000
end_va = 0x7fef4e11fff
monitored = 0
entry_point = 0x7fef4e00048
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 2161
start_va = 0x7fef6250000
end_va = 0x7fef625bfff
monitored = 0
entry_point = 0x7fef625602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2162
start_va = 0x7fef63a0000
end_va = 0x7fef63b6fff
monitored = 0
entry_point = 0x7fef63a9d50
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 2163
start_va = 0x7fef63c0000
end_va = 0x7fef643bfff
monitored = 0
entry_point = 0x7fef63c11d4
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 2164
start_va = 0x7fef6670000
end_va = 0x7fef6677fff
monitored = 0
entry_point = 0x7fef6671414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 2165
start_va = 0x7fef6680000
end_va = 0x7fef66f0fff
monitored = 0
entry_point = 0x7fef66c51d0
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 2166
start_va = 0x7fef6700000
end_va = 0x7fef6711fff
monitored = 0
entry_point = 0x7fef67089d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2167
start_va = 0x7fef6720000
end_va = 0x7fef67d4fff
monitored = 0
entry_point = 0x7fef679cf80
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 2168
start_va = 0x7fef67e0000
end_va = 0x7fef67f8fff
monitored = 0
entry_point = 0x7fef67e1104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 2169
start_va = 0x7fef6800000
end_va = 0x7fef684ffff
monitored = 0
entry_point = 0x7fef6801190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 2170
start_va = 0x7fef6850000
end_va = 0x7fef6857fff
monitored = 0
entry_point = 0x7fef6851020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 2171
start_va = 0x7fef6860000
end_va = 0x7fef68b9fff
monitored = 0
entry_point = 0x7fef689dde0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 2172
start_va = 0x7fef68c0000
end_va = 0x7fef68e0fff
monitored = 0
entry_point = 0x7fef68d03b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2173
start_va = 0x7fef68f0000
end_va = 0x7fef695afff
monitored = 0
entry_point = 0x7fef6934344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 2174
start_va = 0x7fef6960000
end_va = 0x7fef6972fff
monitored = 0
entry_point = 0x7fef6961d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2175
start_va = 0x7fef6980000
end_va = 0x7fef69e1fff
monitored = 0
entry_point = 0x7fef69bbd80
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 2176
start_va = 0x7fef69f0000
end_va = 0x7fef6b1bfff
monitored = 0
entry_point = 0x7fef6aa0ef0
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 2177
start_va = 0x7fef6b20000
end_va = 0x7fef6b39fff
monitored = 0
entry_point = 0x7fef6b33fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 2178
start_va = 0x7fef6b40000
end_va = 0x7fef6bc3fff
monitored = 0
entry_point = 0x7fef6b91118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 2179
start_va = 0x7fef6bd0000
end_va = 0x7fef6bf4fff
monitored = 0
entry_point = 0x7fef6be8c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 2180
start_va = 0x7fef6c00000
end_va = 0x7fef6c3cfff
monitored = 0
entry_point = 0x7fef6c01070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 2181
start_va = 0x7fef6c40000
end_va = 0x7fef6c4dfff
monitored = 0
entry_point = 0x7fef6c45500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2182
start_va = 0x7fef6c50000
end_va = 0x7fef6c76fff
monitored = 0
entry_point = 0x7fef6c511a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2183
start_va = 0x7fef6c80000
end_va = 0x7fef6d52fff
monitored = 0
entry_point = 0x7fef6cf8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2184
start_va = 0x7fef6da0000
end_va = 0x7fef6de6fff
monitored = 0
entry_point = 0x7fef6da1040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 2185
start_va = 0x7fef6df0000
end_va = 0x7fef6e31fff
monitored = 0
entry_point = 0x7fef6df17e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 2186
start_va = 0x7fef6e40000
end_va = 0x7fef6ed1fff
monitored = 0
entry_point = 0x7fef6eb51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2187
start_va = 0x7fef6ee0000
end_va = 0x7fef6f56fff
monitored = 0
entry_point = 0x7fef6f1e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 2188
start_va = 0x7fef6f60000
end_va = 0x7fef6f99fff
monitored = 0
entry_point = 0x7fef6f7d020
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 2189
start_va = 0x7fef7010000
end_va = 0x7fef7054fff
monitored = 0
entry_point = 0x7fef7043644
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 2190
start_va = 0x7fef7270000
end_va = 0x7fef7280fff
monitored = 0
entry_point = 0x7fef7279e7c
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 2191
start_va = 0x7fef7290000
end_va = 0x7fef72f3fff
monitored = 0
entry_point = 0x7fef7291254
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 2192
start_va = 0x7fef7300000
end_va = 0x7fef7370fff
monitored = 0
entry_point = 0x7fef7301010
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2193
start_va = 0x7fef7410000
end_va = 0x7fef7426fff
monitored = 0
entry_point = 0x7fef7411060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 2194
start_va = 0x7fef7430000
end_va = 0x7fef75dffff
monitored = 0
entry_point = 0x7fef7431010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 2195
start_va = 0x7fef85f0000
end_va = 0x7fef8663fff
monitored = 0
entry_point = 0x7fef85f66f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 2196
start_va = 0x7fef9b00000
end_va = 0x7fef9b1afff
monitored = 0
entry_point = 0x7fef9b01198
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 2197
start_va = 0x7fef9e90000
end_va = 0x7fef9e98fff
monitored = 0
entry_point = 0x7fef9e911a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2198
start_va = 0x7fefa0a0000
end_va = 0x7fefa116fff
monitored = 0
entry_point = 0x7fefa0aafd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2199
start_va = 0x7fefa120000
end_va = 0x7fefa129fff
monitored = 0
entry_point = 0x7fefa12260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2200
start_va = 0x7fefa130000
end_va = 0x7fefa241fff
monitored = 0
entry_point = 0x7fefa14f354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2201
start_va = 0x7fefa250000
end_va = 0x7fefa25efff
monitored = 0
entry_point = 0x7fefa257e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 2202
start_va = 0x7fefa260000
end_va = 0x7fefa268fff
monitored = 0
entry_point = 0x7fefa263668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 2203
start_va = 0x7fefa270000
end_va = 0x7fefa278fff
monitored = 0
entry_point = 0x7fefa271020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 2204
start_va = 0x7fefa280000
end_va = 0x7fefa2d5fff
monitored = 0
entry_point = 0x7fefa281040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2205
start_va = 0x7fefa2e0000
end_va = 0x7fefa33dfff
monitored = 0
entry_point = 0x7fefa2e9024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2206
start_va = 0x7fefa340000
end_va = 0x7fefa357fff
monitored = 0
entry_point = 0x7fefa341bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2207
start_va = 0x7fefa360000
end_va = 0x7fefa370fff
monitored = 0
entry_point = 0x7fefa3616ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2208
start_va = 0x7fefa390000
end_va = 0x7fefa3e2fff
monitored = 0
entry_point = 0x7fefa392b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2209
start_va = 0x7fefa3f0000
end_va = 0x7fefa401fff
monitored = 0
entry_point = 0x7fefa3f90bc
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 2210
start_va = 0x7fefa980000
end_va = 0x7fefa993fff
monitored = 0
entry_point = 0x7fefa983e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2211
start_va = 0x7fefa9a0000
end_va = 0x7fefa9aafff
monitored = 0
entry_point = 0x7fefa9a1198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2212
start_va = 0x7fefa9b0000
end_va = 0x7fefa9d6fff
monitored = 0
entry_point = 0x7fefa9b98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2213
start_va = 0x7fefa9e0000
end_va = 0x7fefaa46fff
monitored = 0
entry_point = 0x7fefa9f6060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2214
start_va = 0x7fefaa60000
end_va = 0x7fefaa6afff
monitored = 0
entry_point = 0x7fefaa64f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2215
start_va = 0x7fefaa70000
end_va = 0x7fefaa7bfff
monitored = 0
entry_point = 0x7fefaa715d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2216
start_va = 0x7fefaa80000
end_va = 0x7fefaa8ffff
monitored = 0
entry_point = 0x7fefaa8835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2217
start_va = 0x7fefaa90000
end_va = 0x7fefaaa8fff
monitored = 0
entry_point = 0x7fefaa911a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 2218
start_va = 0x7fefaab0000
end_va = 0x7fefaae6fff
monitored = 0
entry_point = 0x7fefaab8424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2219
start_va = 0x7fefab30000
end_va = 0x7fefab44fff
monitored = 0
entry_point = 0x7fefab360d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2220
start_va = 0x7fefab50000
end_va = 0x7fefac11fff
monitored = 0
entry_point = 0x7fefab5101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2221
start_va = 0x7fefae30000
end_va = 0x7fefae44fff
monitored = 0
entry_point = 0x7fefae31020
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 2222
start_va = 0x7fefae50000
end_va = 0x7fefae58fff
monitored = 0
entry_point = 0x7fefae51010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 2223
start_va = 0x7fefaf40000
end_va = 0x7fefaf6cfff
monitored = 0
entry_point = 0x7fefaf41010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2224
start_va = 0x7fefaf70000
end_va = 0x7fefaf80fff
monitored = 0
entry_point = 0x7fefaf714c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2225
start_va = 0x7fefafd0000
end_va = 0x7fefb040fff
monitored = 0
entry_point = 0x7fefb00ecc4
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 2226
start_va = 0x7fefb0c0000
end_va = 0x7fefb0d3fff
monitored = 0
entry_point = 0x7fefb0c16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 2227
start_va = 0x7fefb0e0000
end_va = 0x7fefb0f4fff
monitored = 0
entry_point = 0x7fefb0e1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2228
start_va = 0x7fefb100000
end_va = 0x7fefb10bfff
monitored = 0
entry_point = 0x7fefb1018a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2229
start_va = 0x7fefb110000
end_va = 0x7fefb125fff
monitored = 0
entry_point = 0x7fefb1111a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2230
start_va = 0x7fefb240000
end_va = 0x7fefb250fff
monitored = 0
entry_point = 0x7fefb241070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2231
start_va = 0x7fefb3a0000
end_va = 0x7fefb3d4fff
monitored = 0
entry_point = 0x7fefb3a1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2232
start_va = 0x7fefb810000
end_va = 0x7fefb865fff
monitored = 0
entry_point = 0x7fefb81bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2233
start_va = 0x7fefb870000
end_va = 0x7fefb99bfff
monitored = 0
entry_point = 0x7fefb8794bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2234
start_va = 0x7fefb9a0000
end_va = 0x7fefb9bcfff
monitored = 0
entry_point = 0x7fefb9a1ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2235
start_va = 0x7fefb9f0000
end_va = 0x7fefbbe3fff
monitored = 0
entry_point = 0x7fefbb7c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 2236
start_va = 0x7fefc080000
end_va = 0x7fefc08bfff
monitored = 0
entry_point = 0x7fefc081064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2237
start_va = 0x7fefc090000
end_va = 0x7fefc14afff
monitored = 0
entry_point = 0x7fefc096de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2238
start_va = 0x7fefc150000
end_va = 0x7fefc156fff
monitored = 0
entry_point = 0x7fefc1514b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 2239
start_va = 0x7fefc240000
end_va = 0x7fefc25afff
monitored = 0
entry_point = 0x7fefc242068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2240
start_va = 0x7fefc260000
end_va = 0x7fefc27dfff
monitored = 0
entry_point = 0x7fefc2613b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2241
start_va = 0x7fefc280000
end_va = 0x7fefc291fff
monitored = 0
entry_point = 0x7fefc281060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 2242
start_va = 0x7fefc2a0000
end_va = 0x7fefc2befff
monitored = 0
entry_point = 0x7fefc2a5c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 2243
start_va = 0x7fefc370000
end_va = 0x7fefc3a8fff
monitored = 0
entry_point = 0x7fefc37c0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2244
start_va = 0x7fefc3b0000
end_va = 0x7fefc3b9fff
monitored = 0
entry_point = 0x7fefc3b3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2245
start_va = 0x7fefc3c0000
end_va = 0x7fefc3ccfff
monitored = 0
entry_point = 0x7fefc3c1348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 2246
start_va = 0x7fefc4b0000
end_va = 0x7fefc4f6fff
monitored = 0
entry_point = 0x7fefc4b1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2247
start_va = 0x7fefc5a0000
end_va = 0x7fefc5cffff
monitored = 0
entry_point = 0x7fefc5a194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2248
start_va = 0x7fefc5d0000
end_va = 0x7fefc62afff
monitored = 0
entry_point = 0x7fefc5d6940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2249
start_va = 0x7fefc740000
end_va = 0x7fefc746fff
monitored = 0
entry_point = 0x7fefc74142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 2250
start_va = 0x7fefc750000
end_va = 0x7fefc7a4fff
monitored = 0
entry_point = 0x7fefc751054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2251
start_va = 0x7fefc7b0000
end_va = 0x7fefc7c7fff
monitored = 0
entry_point = 0x7fefc7b3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2252
start_va = 0x7fefc8c0000
end_va = 0x7fefc8f1fff
monitored = 0
entry_point = 0x7fefc8c144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2253
start_va = 0x7fefc900000
end_va = 0x7fefc907fff
monitored = 0
entry_point = 0x7fefc902a6c
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 2254
start_va = 0x7fefc910000
end_va = 0x7fefc919fff
monitored = 0
entry_point = 0x7fefc913b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2255
start_va = 0x7fefc920000
end_va = 0x7fefc941fff
monitored = 0
entry_point = 0x7fefc925d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2256
start_va = 0x7fefc9a0000
end_va = 0x7fefc9cefff
monitored = 0
entry_point = 0x7fefc9a1064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2257
start_va = 0x7fefc9e0000
end_va = 0x7fefca4cfff
monitored = 0
entry_point = 0x7fefc9e1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2258
start_va = 0x7fefca50000
end_va = 0x7fefca63fff
monitored = 0
entry_point = 0x7fefca54160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 2259
start_va = 0x7fefccb0000
end_va = 0x7fefccd2fff
monitored = 0
entry_point = 0x7fefccb1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2260
start_va = 0x7fefcd50000
end_va = 0x7fefcd5afff
monitored = 0
entry_point = 0x7fefcd51030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2261
start_va = 0x7fefcd80000
end_va = 0x7fefcda4fff
monitored = 0
entry_point = 0x7fefcd89658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2262
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2263
start_va = 0x7fefcdc0000
end_va = 0x7fefce50fff
monitored = 0
entry_point = 0x7fefcdc1440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2264
start_va = 0x7fefce60000
end_va = 0x7fefce9cfff
monitored = 0
entry_point = 0x7fefce618f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2265
start_va = 0x7fefcea0000
end_va = 0x7fefceb3fff
monitored = 0
entry_point = 0x7fefcea10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2266
start_va = 0x7fefcec0000
end_va = 0x7fefcecefff
monitored = 0
entry_point = 0x7fefcec19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2267
start_va = 0x7fefcf60000
end_va = 0x7fefcf6efff
monitored = 0
entry_point = 0x7fefcf61020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2268
start_va = 0x7fefcf70000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefcf710b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2269
start_va = 0x7fefd180000
end_va = 0x7fefd1b5fff
monitored = 0
entry_point = 0x7fefd181474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2270
start_va = 0x7fefd1c0000
end_va = 0x7fefd22bfff
monitored = 0
entry_point = 0x7fefd1c2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2271
start_va = 0x7fefd230000
end_va = 0x7fefd26afff
monitored = 0
entry_point = 0x7fefd231324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2272
start_va = 0x7fefd270000
end_va = 0x7fefd289fff
monitored = 0
entry_point = 0x7fefd271558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2273
start_va = 0x7fefd310000
end_va = 0x7fefe097fff
monitored = 0
entry_point = 0x7fefd38cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2274
start_va = 0x7fefe1d0000
end_va = 0x7fefe2aafff
monitored = 0
entry_point = 0x7fefe1f0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2275
start_va = 0x7fefe2d0000
end_va = 0x7fefe2d7fff
monitored = 0
entry_point = 0x7fefe2d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2276
start_va = 0x7fefe2e0000
end_va = 0x7fefe331fff
monitored = 0
entry_point = 0x7fefe2e10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2277
start_va = 0x7fefe4c0000
end_va = 0x7fefe5ecfff
monitored = 0
entry_point = 0x7fefe50ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2278
start_va = 0x7fefe5f0000
end_va = 0x7fefe6c6fff
monitored = 0
entry_point = 0x7fefe5f3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2279
start_va = 0x7fefe770000
end_va = 0x7fefe7d6fff
monitored = 0
entry_point = 0x7fefe77b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2280
start_va = 0x7fefe7e0000
end_va = 0x7fefe8a8fff
monitored = 0
entry_point = 0x7fefe85a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2281
start_va = 0x7fefe8b0000
end_va = 0x7fefea86fff
monitored = 0
entry_point = 0x7fefe8b1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2282
start_va = 0x7fefea90000
end_va = 0x7fefeabdfff
monitored = 0
entry_point = 0x7fefea91010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2283
start_va = 0x7fefeac0000
end_va = 0x7fefeb30fff
monitored = 0
entry_point = 0x7fefead1e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2284
start_va = 0x7fefeb40000
end_va = 0x7fefeb5efff
monitored = 0
entry_point = 0x7fefeb460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2285
start_va = 0x7fefeb60000
end_va = 0x7fefebacfff
monitored = 0
entry_point = 0x7fefeb61070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2286
start_va = 0x7fefebb0000
end_va = 0x7fefebbdfff
monitored = 0
entry_point = 0x7fefebb1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2287
start_va = 0x7fefee20000
end_va = 0x7fefef28fff
monitored = 0
entry_point = 0x7fefee21064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2288
start_va = 0x7fefef30000
end_va = 0x7feff132fff
monitored = 0
entry_point = 0x7fefef53330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2289
start_va = 0x7feff140000
end_va = 0x7feff1defff
monitored = 0
entry_point = 0x7feff1425a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2290
start_va = 0x7feff1e0000
end_va = 0x7feff278fff
monitored = 0
entry_point = 0x7feff1e1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2291
start_va = 0x7feff290000
end_va = 0x7feff290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2292
start_va = 0x7fffff56000
end_va = 0x7fffff57fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff56000"
filename = ""
Region:
id = 2293
start_va = 0x7fffff58000
end_va = 0x7fffff59fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff58000"
filename = ""
Region:
id = 2294
start_va = 0x7fffff5a000
end_va = 0x7fffff5bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5a000"
filename = ""
Region:
id = 2295
start_va = 0x7fffff5c000
end_va = 0x7fffff5dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5c000"
filename = ""
Region:
id = 2296
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 2297
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 2298
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 2299
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 2300
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 2301
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 2302
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 2303
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 2304
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 2305
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 2306
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 2307
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 2308
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2309
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 2310
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2311
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 2312
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 2313
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 2314
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 2315
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 2316
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 2317
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 2318
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 2319
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2320
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2321
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2322
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2323
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2324
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2325
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2326
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2327
start_va = 0x7fffffde000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2687
start_va = 0x1f50000
end_va = 0x1fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f50000"
filename = ""
Region:
id = 2688
start_va = 0x32e0000
end_va = 0x335ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000032e0000"
filename = ""
Region:
id = 2689
start_va = 0x3370000
end_va = 0x33effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003370000"
filename = ""
Region:
id = 2690
start_va = 0x3750000
end_va = 0x37cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003750000"
filename = ""
Region:
id = 2691
start_va = 0x37d0000
end_va = 0x384ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037d0000"
filename = ""
Region:
id = 2692
start_va = 0x40e0000
end_va = 0x415ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040e0000"
filename = ""
Region:
id = 2693
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 2694
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 2695
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 2696
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2697
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2698
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Thread:
id = 31
os_tid = 0x8b0
Thread:
id = 32
os_tid = 0xa64
Thread:
id = 33
os_tid = 0xa50
Thread:
id = 34
os_tid = 0x890
Thread:
id = 35
os_tid = 0x88c
Thread:
id = 36
os_tid = 0xb4c
Thread:
id = 37
os_tid = 0x614
Thread:
id = 38
os_tid = 0xa90
Thread:
id = 39
os_tid = 0x12c
Thread:
id = 40
os_tid = 0x4b0
Thread:
id = 41
os_tid = 0x354
Thread:
id = 42
os_tid = 0x414
Thread:
id = 43
os_tid = 0x478
Thread:
id = 44
os_tid = 0x67c
Thread:
id = 45
os_tid = 0x224
Thread:
id = 46
os_tid = 0x528
Thread:
id = 47
os_tid = 0x6dc
Thread:
id = 48
os_tid = 0x6cc
Thread:
id = 49
os_tid = 0x674
Thread:
id = 50
os_tid = 0x644
Thread:
id = 51
os_tid = 0x634
Thread:
id = 52
os_tid = 0x608
Thread:
id = 53
os_tid = 0x5f4
Thread:
id = 54
os_tid = 0x454
Thread:
id = 55
os_tid = 0x450
Thread:
id = 56
os_tid = 0x35c
Thread:
id = 57
os_tid = 0x130
Thread:
id = 58
os_tid = 0x44c
Thread:
id = 59
os_tid = 0x448
Thread:
id = 60
os_tid = 0x43c
Thread:
id = 61
os_tid = 0x3ec
Thread:
id = 62
os_tid = 0x3e4
Thread:
id = 63
os_tid = 0x3d8
Thread:
id = 64
os_tid = 0x36c
Thread:
id = 65
os_tid = 0x364
Thread:
id = 86
os_tid = 0xb2c
Thread:
id = 87
os_tid = 0xad0
Thread:
id = 88
os_tid = 0xb30
Thread:
id = 89
os_tid = 0xa08
Thread:
id = 90
os_tid = 0x818
Thread:
id = 91
os_tid = 0x9cc
Process:
id = "7"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x4e73b000"
os_pid = "0x9ec"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x244"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00049ad9" [0xc000000f]
Region:
id = 2365
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2366
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2367
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2368
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2369
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2370
start_va = 0x60000
end_va = 0x64fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 2371
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 2372
start_va = 0x80000
end_va = 0xfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 2373
start_va = 0x100000
end_va = 0x166fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2374
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 2375
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 2376
start_va = 0x190000
end_va = 0x19cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2377
start_va = 0x1c0000
end_va = 0x1c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cimwin32.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")
Region:
id = 2378
start_va = 0x1d0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2379
start_va = 0x280000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 2380
start_va = 0x380000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 2381
start_va = 0x480000
end_va = 0x607fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2382
start_va = 0x610000
end_va = 0x790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 2383
start_va = 0x7a0000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 2384
start_va = 0x860000
end_va = 0xb2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2385
start_va = 0xb50000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 2386
start_va = 0xbd0000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 2387
start_va = 0xcb0000
end_va = 0xd2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cb0000"
filename = ""
Region:
id = 2388
start_va = 0xd50000
end_va = 0xdcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d50000"
filename = ""
Region:
id = 2389
start_va = 0xe10000
end_va = 0xe8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e10000"
filename = ""
Region:
id = 2390
start_va = 0x1010000
end_va = 0x110ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 2391
start_va = 0x1110000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 2392
start_va = 0x11c0000
end_va = 0x123ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011c0000"
filename = ""
Region:
id = 2393
start_va = 0x72450000
end_va = 0x72452fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "security.dll"
filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")
Region:
id = 2394
start_va = 0x72460000
end_va = 0x72462fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmi.dll"
filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")
Region:
id = 2395
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2396
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2397
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2398
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2399
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2400
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2401
start_va = 0x13f530000
end_va = 0x13f59bfff
monitored = 0
entry_point = 0x13f56b450
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 2402
start_va = 0x7fef0680000
end_va = 0x7fef0879fff
monitored = 1
entry_point = 0x7fef0694c9c
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 2403
start_va = 0x7fef1dd0000
end_va = 0x7fef1dd9fff
monitored = 0
entry_point = 0x7fef1dd31c8
region_type = mapped_file
name = "schedcli.dll"
filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")
Region:
id = 2404
start_va = 0x7fef4be0000
end_va = 0x7fef4c22fff
monitored = 0
entry_point = 0x7fef4c01b50
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 2405
start_va = 0x7fef4c30000
end_va = 0x7fef4c5bfff
monitored = 0
entry_point = 0x7fef4c48194
region_type = mapped_file
name = "wmipcima.dll"
filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll")
Region:
id = 2406
start_va = 0x7fef6700000
end_va = 0x7fef6711fff
monitored = 0
entry_point = 0x7fef67089d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2407
start_va = 0x7fef68c0000
end_va = 0x7fef68e0fff
monitored = 0
entry_point = 0x7fef68d03b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2408
start_va = 0x7fef6960000
end_va = 0x7fef6972fff
monitored = 0
entry_point = 0x7fef6961d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2409
start_va = 0x7fef6c40000
end_va = 0x7fef6c4dfff
monitored = 0
entry_point = 0x7fef6c45500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2410
start_va = 0x7fef6c50000
end_va = 0x7fef6c76fff
monitored = 0
entry_point = 0x7fef6c511a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2411
start_va = 0x7fef6c80000
end_va = 0x7fef6d52fff
monitored = 0
entry_point = 0x7fef6cf8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2412
start_va = 0x7fef6ee0000
end_va = 0x7fef6f56fff
monitored = 1
entry_point = 0x7fef6f1e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 2413
start_va = 0x7fef6fd0000
end_va = 0x7fef6fe1fff
monitored = 0
entry_point = 0x7fef6fdaab8
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 2414
start_va = 0x7fefa820000
end_va = 0x7fefa82efff
monitored = 0
entry_point = 0x7fefa821040
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 2415
start_va = 0x7fefaa70000
end_va = 0x7fefaa7bfff
monitored = 0
entry_point = 0x7fefaa715d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2416
start_va = 0x7fefae60000
end_va = 0x7fefae8bfff
monitored = 0
entry_point = 0x7fefae615c4
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2417
start_va = 0x7fefaf40000
end_va = 0x7fefaf6cfff
monitored = 0
entry_point = 0x7fefaf41010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2418
start_va = 0x7fefafa0000
end_va = 0x7fefafa7fff
monitored = 0
entry_point = 0x7fefafa11a0
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 2419
start_va = 0x7fefb0c0000
end_va = 0x7fefb0d3fff
monitored = 0
entry_point = 0x7fefb0c16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 2420
start_va = 0x7fefb0e0000
end_va = 0x7fefb0f4fff
monitored = 0
entry_point = 0x7fefb0e1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2421
start_va = 0x7fefb100000
end_va = 0x7fefb10bfff
monitored = 0
entry_point = 0x7fefb1018a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2422
start_va = 0x7fefb110000
end_va = 0x7fefb125fff
monitored = 0
entry_point = 0x7fefb1111a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2423
start_va = 0x7fefb240000
end_va = 0x7fefb250fff
monitored = 0
entry_point = 0x7fefb241070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2424
start_va = 0x7fefc3b0000
end_va = 0x7fefc3b9fff
monitored = 0
entry_point = 0x7fefc3b3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2425
start_va = 0x7fefc4b0000
end_va = 0x7fefc4f6fff
monitored = 0
entry_point = 0x7fefc4b1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2426
start_va = 0x7fefc540000
end_va = 0x7fefc596fff
monitored = 0
entry_point = 0x7fefc545e38
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 2427
start_va = 0x7fefc5a0000
end_va = 0x7fefc5cffff
monitored = 0
entry_point = 0x7fefc5a194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2428
start_va = 0x7fefc7b0000
end_va = 0x7fefc7c7fff
monitored = 0
entry_point = 0x7fefc7b3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2429
start_va = 0x7fefc920000
end_va = 0x7fefc941fff
monitored = 0
entry_point = 0x7fefc925d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2430
start_va = 0x7fefccb0000
end_va = 0x7fefccd2fff
monitored = 0
entry_point = 0x7fefccb1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2431
start_va = 0x7fefcd50000
end_va = 0x7fefcd5afff
monitored = 0
entry_point = 0x7fefcd51030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2432
start_va = 0x7fefcd80000
end_va = 0x7fefcda4fff
monitored = 0
entry_point = 0x7fefcd89658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2433
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2434
start_va = 0x7fefce60000
end_va = 0x7fefce9cfff
monitored = 0
entry_point = 0x7fefce618f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2435
start_va = 0x7fefcea0000
end_va = 0x7fefceb3fff
monitored = 0
entry_point = 0x7fefcea10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2436
start_va = 0x7fefcf60000
end_va = 0x7fefcf6efff
monitored = 0
entry_point = 0x7fefcf61020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2437
start_va = 0x7fefcf70000
end_va = 0x7fefd0dcfff
monitored = 0
entry_point = 0x7fefcf710b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2438
start_va = 0x7fefd180000
end_va = 0x7fefd1b5fff
monitored = 0
entry_point = 0x7fefd181474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2439
start_va = 0x7fefd1c0000
end_va = 0x7fefd22bfff
monitored = 0
entry_point = 0x7fefd1c2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2440
start_va = 0x7fefd230000
end_va = 0x7fefd26afff
monitored = 0
entry_point = 0x7fefd231324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2441
start_va = 0x7fefd270000
end_va = 0x7fefd289fff
monitored = 0
entry_point = 0x7fefd271558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2442
start_va = 0x7fefe1d0000
end_va = 0x7fefe2aafff
monitored = 0
entry_point = 0x7fefe1f0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2443
start_va = 0x7fefe2d0000
end_va = 0x7fefe2d7fff
monitored = 0
entry_point = 0x7fefe2d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2444
start_va = 0x7fefe2e0000
end_va = 0x7fefe331fff
monitored = 0
entry_point = 0x7fefe2e10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2445
start_va = 0x7fefe4c0000
end_va = 0x7fefe5ecfff
monitored = 0
entry_point = 0x7fefe50ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2446
start_va = 0x7fefe5f0000
end_va = 0x7fefe6c6fff
monitored = 0
entry_point = 0x7fefe5f3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2447
start_va = 0x7fefe770000
end_va = 0x7fefe7d6fff
monitored = 0
entry_point = 0x7fefe77b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2448
start_va = 0x7fefe7e0000
end_va = 0x7fefe8a8fff
monitored = 0
entry_point = 0x7fefe85a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2449
start_va = 0x7fefe8b0000
end_va = 0x7fefea86fff
monitored = 0
entry_point = 0x7fefe8b1010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2450
start_va = 0x7fefea90000
end_va = 0x7fefeabdfff
monitored = 0
entry_point = 0x7fefea91010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2451
start_va = 0x7fefeb40000
end_va = 0x7fefeb5efff
monitored = 0
entry_point = 0x7fefeb460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2452
start_va = 0x7fefeb60000
end_va = 0x7fefebacfff
monitored = 0
entry_point = 0x7fefeb61070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2453
start_va = 0x7fefebb0000
end_va = 0x7fefebbdfff
monitored = 0
entry_point = 0x7fefebb1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2454
start_va = 0x7fefee20000
end_va = 0x7fefef28fff
monitored = 0
entry_point = 0x7fefee21064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2455
start_va = 0x7fefef30000
end_va = 0x7feff132fff
monitored = 0
entry_point = 0x7fefef53330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2456
start_va = 0x7feff140000
end_va = 0x7feff1defff
monitored = 0
entry_point = 0x7feff1425a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2457
start_va = 0x7feff1e0000
end_va = 0x7feff278fff
monitored = 0
entry_point = 0x7feff1e1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2458
start_va = 0x7feff290000
end_va = 0x7feff290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2459
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2460
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2461
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2462
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2463
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2464
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2465
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2466
start_va = 0x7fffffda000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2467
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2468
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2540
start_va = 0x1a0000
end_va = 0x1a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 2700
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 2701
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 2702
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 2703
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 2704
start_va = 0x1b0000
end_va = 0x1b5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 2705
start_va = 0x1e0000
end_va = 0x233fff
monitored = 0
entry_point = 0x1f3450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 2706
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 2707
start_va = 0x1e0000
end_va = 0x233fff
monitored = 0
entry_point = 0x1f3450
region_type = mapped_file
name = "lsm.exe"
filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")
Region:
id = 2708
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.exe.mui"
filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui")
Region:
id = 2709
start_va = 0x1e0000
end_va = 0x200fff
monitored = 0
entry_point = 0x1fa06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2710
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2711
start_va = 0x1e0000
end_va = 0x200fff
monitored = 0
entry_point = 0x1fa06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2712
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2713
start_va = 0x1e0000
end_va = 0x200fff
monitored = 0
entry_point = 0x1fa06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2714
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2715
start_va = 0x1e0000
end_va = 0x200fff
monitored = 0
entry_point = 0x1fa06c
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 2716
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 2717
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2718
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2719
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2720
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2721
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2722
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2723
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2724
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2725
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2726
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2727
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2728
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2729
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2730
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2731
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2732
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2733
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x2268c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 2734
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 2735
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x2268c8
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 2736
start_va = 0x1b0000
end_va = 0x1b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 2737
start_va = 0xe90000
end_va = 0xf6bfff
monitored = 0
entry_point = 0xf05ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 2738
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 2739
start_va = 0xe90000
end_va = 0xf6bfff
monitored = 0
entry_point = 0xf05ec8
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 2740
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 2741
start_va = 0xe90000
end_va = 0xf71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 2742
start_va = 0x1e0000
end_va = 0x208fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 2743
start_va = 0xe90000
end_va = 0xf71fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 2744
start_va = 0x1e0000
end_va = 0x208fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 2745
start_va = 0xe90000
end_va = 0xf38fff
monitored = 0
entry_point = 0xea18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2746
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2747
start_va = 0xe90000
end_va = 0xf38fff
monitored = 0
entry_point = 0xea18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2748
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2749
start_va = 0xe90000
end_va = 0xf38fff
monitored = 0
entry_point = 0xea18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2750
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2751
start_va = 0xe90000
end_va = 0xf38fff
monitored = 0
entry_point = 0xea18d0
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 2752
start_va = 0x1b0000
end_va = 0x1b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 2753
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2754
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2755
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2756
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2757
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2758
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2759
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2760
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2761
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2762
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2763
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2764
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2765
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2766
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2767
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2768
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2769
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2770
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2771
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2772
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2773
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2774
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2775
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2776
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2777
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2778
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2779
start_va = 0x1e0000
end_va = 0x22ffff
monitored = 0
entry_point = 0x1e2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2780
start_va = 0x230000
end_va = 0x242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 2781
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2782
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2783
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2784
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2785
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2786
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2787
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2788
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2789
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2790
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2791
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2792
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2793
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2794
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2795
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2796
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2797
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2798
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2799
start_va = 0x1e0000
end_va = 0x26afff
monitored = 0
entry_point = 0x2551ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2800
start_va = 0x1b0000
end_va = 0x1b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 2801
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2802
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2803
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2804
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2805
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2806
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2807
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2808
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2809
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2810
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2811
start_va = 0x1e0000
end_va = 0x1f9fff
monitored = 1
entry_point = 0x1e1380
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 2812
start_va = 0x1b0000
end_va = 0x1bbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 2813
start_va = 0x1e0000
end_va = 0x207fff
monitored = 0
entry_point = 0x1e1860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 2814
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 2815
start_va = 0x1e0000
end_va = 0x207fff
monitored = 0
entry_point = 0x1e1860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 2816
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpo.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui")
Region:
id = 2817
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2818
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2819
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2820
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2821
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2822
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2823
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2824
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2825
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2826
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2827
start_va = 0x1b0000
end_va = 0x1bafff
monitored = 0
entry_point = 0x1b11a8
region_type = mapped_file
name = "httpapi.dll"
filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll")
Region:
id = 2828
start_va = 0x1e0000
end_va = 0x1e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "httpapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui")
Region:
id = 2829
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 2830
start_va = 0x1e0000
end_va = 0x1edfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 2831
start_va = 0x1b0000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 2832
start_va = 0x1e0000
end_va = 0x1edfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 2833
start_va = 0x1240000
end_va = 0x2034fff
monitored = 0
entry_point = 0x1323268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 2834
start_va = 0x1240000
end_va = 0x2034fff
monitored = 0
entry_point = 0x1323268
region_type = mapped_file
name = "wmp.dll"
filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll")
Region:
id = 2835
start_va = 0xe90000
end_va = 0xf39fff
monitored = 0
entry_point = 0xea4100
region_type = mapped_file
name = "netlogon.dll"
filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll")
Region:
id = 2836
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netlogon.dll.mui"
filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui")
Thread:
id = 66
os_tid = 0x848
[0166.759] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2
[0166.826] SetLastError (dwErrCode=0x0)
[0166.826] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe8e400 | out: pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe8e400) returned 1
[0166.826] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x2bd900
[0166.826] SetLastError (dwErrCode=0x0)
[0166.826] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x2bd900, pcchLanguagesBuffer=0xe8e400 | out: pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x2bd900, pcchLanguagesBuffer=0xe8e400) returned 1
[0166.826] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x2bd960
[0166.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2bd900 | out: hHeap=0x280000) returned 1
[0166.826] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x14) returned 0x2eef20
[0166.827] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2eef20, pulNumLanguages=0xe8e4f8 | out: pulNumLanguages=0xe8e4f8) returned 1
[0166.827] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2eef20 | out: hHeap=0x280000) returned 1
[0166.834] LoadStringW (in: hInstance=0x7fef0680000, uID=0x3e, lpBuffer=0xe8dad0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa
[0166.836] lstrlenW (lpString="Dell") returned 4
[0166.837] lstrlenW (lpString="0D61XP") returned 6
[0166.837] lstrlenW (lpString="A00") returned 3
[0166.837] lstrlenW (lpString="..CN747510BO0504.") returned 17
[0166.843] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x4) returned 0x2bd900
[0166.843] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2bd900, pulNumLanguages=0xe8e4f0 | out: pulNumLanguages=0xe8e4f0) returned 1
[0166.843] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2bd900 | out: hHeap=0x280000) returned 1
[0176.795] SetLastError (dwErrCode=0x0)
[0176.795] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe8e400 | out: pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe8e400) returned 1
[0176.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x2bd950
[0176.796] SetLastError (dwErrCode=0x0)
[0176.796] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x2bd950, pcchLanguagesBuffer=0xe8e400 | out: pulNumLanguages=0xe8e4f8, pwszLanguagesBuffer=0x2bd950, pcchLanguagesBuffer=0xe8e400) returned 1
[0176.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x2bd960
[0176.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2bd950 | out: hHeap=0x280000) returned 1
[0176.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x14) returned 0x2ef3c0
[0176.796] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2ef3c0, pulNumLanguages=0xe8e4f8 | out: pulNumLanguages=0xe8e4f8) returned 1
[0176.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2ef3c0 | out: hHeap=0x280000) returned 1
[0176.978] malloc (_Size=0x600) returned 0x3d36a0
[0176.978] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xe8dc1c | out: Buffer=0x0, ReturnedLength=0xe8dc1c) returned 0
[0176.978] GetLastError () returned 0x7a
[0176.978] malloc (_Size=0x250) returned 0x3d3cb0
[0176.978] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x3d3cb0, ReturnedLength=0xe8dc1c | out: Buffer=0x3d3cb0, ReturnedLength=0xe8dc1c) returned 1
[0176.979] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4
[0176.979] GetMaximumProcessorGroupCount () returned 0x1
[0176.979] malloc (_Size=0x40) returned 0x3ad8b0
[0176.979] malloc (_Size=0x40) returned 0x3ad900
[0176.979] malloc (_Size=0x8) returned 0x3b7830
[0177.084] memcpy (in: _Dst=0x3ad8b0, _Src=0x3d3cd0, _Size=0x10 | out: _Dst=0x3ad8b0) returned 0x3ad8b0
[0177.147] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4
[0177.147] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xe8dc14, InputBufferLength=0x2, OutputBuffer=0x3d36a0, OutputBufferLength=0x60 | out: OutputBuffer=0x3d36a0) returned 0x0
[0177.147] _vsnwprintf (in: _Buffer=0xe8dab0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xe8d3a8 | out: _Buffer="CPU0") returned 4
[0177.148] GetCurrentThread () returned 0xfffffffffffffffe
[0177.148] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xe8d280, PreviousGroupAffinity=0xe8d290 | out: PreviousGroupAffinity=0xe8d290) returned 1
[0177.148] GetSystemInfo (in: lpSystemInfo=0xe8d440 | out: lpSystemInfo=0xe8d440*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504))
[0177.148] mbstowcs (in: _Dest=0xe8d6c8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc
[0177.148] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0
[0177.151] mbstowcs (in: _Dest=0xe8d538, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27
[0177.151] GetCurrentThread () returned 0xfffffffffffffffe
[0177.151] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xe8d290, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1
[0177.154] LoadStringW (in: hInstance=0x7fef0680000, uID=0x2c, lpBuffer=0xe8d100, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6
Thread:
id = 67
os_tid = 0xa9c
Thread:
id = 68
os_tid = 0xa80
Thread:
id = 69
os_tid = 0xa7c
[0173.489] DllCanUnloadNow () returned 0x1
Thread:
id = 70
os_tid = 0xa78
Thread:
id = 71
os_tid = 0xa6c
Thread:
id = 72
os_tid = 0x9fc
Thread:
id = 73
os_tid = 0x9f0
Process:
id = "8"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x5d327000"
os_pid = "0x79c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x244"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d8ed" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2548
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2549
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2550
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2551
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2552
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2553
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2554
start_va = 0x1c0000
end_va = 0x23ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2555
start_va = 0x240000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 2556
start_va = 0x300000
end_va = 0x300fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 2557
start_va = 0x310000
end_va = 0x314fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 2558
start_va = 0x320000
end_va = 0x320fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000320000"
filename = ""
Region:
id = 2559
start_va = 0x330000
end_va = 0x330fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 2560
start_va = 0x340000
end_va = 0x340fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 2561
start_va = 0x350000
end_va = 0x44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 2562
start_va = 0x460000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 2563
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 2564
start_va = 0x570000
end_va = 0x6f7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 2565
start_va = 0x700000
end_va = 0x880fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 2566
start_va = 0x890000
end_va = 0xb5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2567
start_va = 0xb80000
end_va = 0xbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b80000"
filename = ""
Region:
id = 2568
start_va = 0xc50000
end_va = 0xccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 2569
start_va = 0xdd0000
end_va = 0xe4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2570
start_va = 0xe50000
end_va = 0xf4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 2571
start_va = 0xff0000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ff0000"
filename = ""
Region:
id = 2572
start_va = 0x1100000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 2573
start_va = 0x11c0000
end_va = 0x123ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011c0000"
filename = ""
Region:
id = 2574
start_va = 0x1250000
end_va = 0x12cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001250000"
filename = ""
Region:
id = 2575
start_va = 0x14b0000
end_va = 0x152ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014b0000"
filename = ""
Region:
id = 2576
start_va = 0x76d50000
end_va = 0x76e49fff
monitored = 0
entry_point = 0x76d6a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2577
start_va = 0x76e50000
end_va = 0x76f6efff
monitored = 0
entry_point = 0x76e65340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2578
start_va = 0x76f70000
end_va = 0x77118fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2579
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2580
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2581
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2582
start_va = 0x13f530000
end_va = 0x13f59bfff
monitored = 0
entry_point = 0x13f56b450
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 2583
start_va = 0x7fef0630000
end_va = 0x7fef067dfff
monitored = 0
entry_point = 0x7fef0631198
region_type = mapped_file
name = "pdh.dll"
filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")
Region:
id = 2584
start_va = 0x7fef1da0000
end_va = 0x7fef1dc4fff
monitored = 1
entry_point = 0x7fef1db8d6c
region_type = mapped_file
name = "wmiperfclass.dll"
filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")
Region:
id = 2585
start_va = 0x7fef1e30000
end_va = 0x7fef1eb5fff
monitored = 1
entry_point = 0x7fef1e3ffd0
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 2586
start_va = 0x7fef4b80000
end_va = 0x7fef4bbbfff
monitored = 1
entry_point = 0x7fef4ba5aa8
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 2587
start_va = 0x7fef6700000
end_va = 0x7fef6711fff
monitored = 0
entry_point = 0x7fef67089d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2588
start_va = 0x7fef68c0000
end_va = 0x7fef68e0fff
monitored = 0
entry_point = 0x7fef68d03b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2589
start_va = 0x7fef6960000
end_va = 0x7fef6972fff
monitored = 0
entry_point = 0x7fef6961d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2590
start_va = 0x7fef6c40000
end_va = 0x7fef6c4dfff
monitored = 0
entry_point = 0x7fef6c45500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2591
start_va = 0x7fef6c50000
end_va = 0x7fef6c76fff
monitored = 0
entry_point = 0x7fef6c511a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2592
start_va = 0x7fef6c80000
end_va = 0x7fef6d52fff
monitored = 0
entry_point = 0x7fef6cf8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2593
start_va = 0x7fef6ee0000
end_va = 0x7fef6f56fff
monitored = 1
entry_point = 0x7fef6f1e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 2594
start_va = 0x7fefaf40000
end_va = 0x7fefaf6cfff
monitored = 0
entry_point = 0x7fefaf41010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2595
start_va = 0x7fefc4b0000
end_va = 0x7fefc4f6fff
monitored = 0
entry_point = 0x7fefc4b1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2596
start_va = 0x7fefc7b0000
end_va = 0x7fefc7c7fff
monitored = 0
entry_point = 0x7fefc7b3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2597
start_va = 0x7fefc920000
end_va = 0x7fefc941fff
monitored = 0
entry_point = 0x7fefc925d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2598
start_va = 0x7fefc9e0000
end_va = 0x7fefca4cfff
monitored = 0
entry_point = 0x7fefc9e1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2599
start_va = 0x7fefcdb0000
end_va = 0x7fefcdbefff
monitored = 0
entry_point = 0x7fefcdb1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2600
start_va = 0x7fefcea0000
end_va = 0x7fefceb3fff
monitored = 0
entry_point = 0x7fefcea10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2601
start_va = 0x7fefd1c0000
end_va = 0x7fefd22bfff
monitored = 0
entry_point = 0x7fefd1c2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2602
start_va = 0x7fefe1d0000
end_va = 0x7fefe2aafff
monitored = 0
entry_point = 0x7fefe1f0760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2603
start_va = 0x7fefe2d0000
end_va = 0x7fefe2d7fff
monitored = 0
entry_point = 0x7fefe2d1504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2604
start_va = 0x7fefe2e0000
end_va = 0x7fefe331fff
monitored = 0
entry_point = 0x7fefe2e10d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2605
start_va = 0x7fefe4c0000
end_va = 0x7fefe5ecfff
monitored = 0
entry_point = 0x7fefe50ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2606
start_va = 0x7fefe5f0000
end_va = 0x7fefe6c6fff
monitored = 0
entry_point = 0x7fefe5f3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2607
start_va = 0x7fefe770000
end_va = 0x7fefe7d6fff
monitored = 0
entry_point = 0x7fefe77b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2608
start_va = 0x7fefe7e0000
end_va = 0x7fefe8a8fff
monitored = 0
entry_point = 0x7fefe85a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2609
start_va = 0x7fefea90000
end_va = 0x7fefeabdfff
monitored = 0
entry_point = 0x7fefea91010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2610
start_va = 0x7fefeb40000
end_va = 0x7fefeb5efff
monitored = 0
entry_point = 0x7fefeb460e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2611
start_va = 0x7fefeb60000
end_va = 0x7fefebacfff
monitored = 0
entry_point = 0x7fefeb61070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2612
start_va = 0x7fefebb0000
end_va = 0x7fefebbdfff
monitored = 0
entry_point = 0x7fefebb1080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2613
start_va = 0x7fefee20000
end_va = 0x7fefef28fff
monitored = 0
entry_point = 0x7fefee21064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2614
start_va = 0x7fefef30000
end_va = 0x7feff132fff
monitored = 0
entry_point = 0x7fefef53330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2615
start_va = 0x7feff140000
end_va = 0x7feff1defff
monitored = 0
entry_point = 0x7feff1425a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2616
start_va = 0x7feff1e0000
end_va = 0x7feff278fff
monitored = 0
entry_point = 0x7feff1e1c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2617
start_va = 0x7feff290000
end_va = 0x7feff290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2618
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2619
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2620
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2621
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 2622
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 2623
start_va = 0x7fffffd7000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 2624
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2625
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2626
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2627
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Thread:
id = 74
os_tid = 0xa60
Thread:
id = 75
os_tid = 0x6d8
Thread:
id = 76
os_tid = 0x630
[0173.780] DllCanUnloadNow () returned 0x1
[0173.780] DllCanUnloadNow () returned 0x1
Thread:
id = 77
os_tid = 0x610
Thread:
id = 78
os_tid = 0x62c
Thread:
id = 79
os_tid = 0x620
Thread:
id = 80
os_tid = 0x61c
Thread:
id = 81
os_tid = 0x338
Process:
id = "9"
image_name = "taskeng.exe"
filename = "c:\\windows\\system32\\taskeng.exe"
page_root = "0x21229000"
os_pid = "0x508"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "created_scheduled_job"
parent_id = "4"
os_parent_pid = "0x344"
cmd_line = "taskeng.exe {2B54E3AB-81FE-4D04-A684-ECB55DA39E7A} S-1-5-21-4219442223-4223814209-3835049652-1000:Q9IATRKPRH\\kEecfMwgj:Interactive:LUA[1]"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fab9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2941
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2942
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2943
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2944
start_va = 0x210000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2945
start_va = 0x77960000
end_va = 0x77b08fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2946
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2947
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2948
start_va = 0xffc50000
end_va = 0xffcc3fff
monitored = 0
entry_point = 0xffc5f44c
region_type = mapped_file
name = "taskeng.exe"
filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")
Region:
id = 2949
start_va = 0x7feffc80000
end_va = 0x7feffc80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2950
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2951
start_va = 0x7fffffd5000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 2952
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3083
start_va = 0x290000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 3084
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3085
start_va = 0x7fefd9a0000
end_va = 0x7fefda0bfff
monitored = 0
entry_point = 0x7fefd9a2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3086
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3087
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3088
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3089
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3090
start_va = 0x77740000
end_va = 0x77839fff
monitored = 0
entry_point = 0x7775a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3091
start_va = 0x7feff100000
end_va = 0x7feff166fff
monitored = 0
entry_point = 0x7feff10b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3092
start_va = 0x7fefdf10000
end_va = 0x7fefdf1dfff
monitored = 0
entry_point = 0x7fefdf11080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3093
start_va = 0x7feffb70000
end_va = 0x7feffc38fff
monitored = 0
entry_point = 0x7feffbea874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3094
start_va = 0x7fefdf20000
end_va = 0x7fefdfbefff
monitored = 0
entry_point = 0x7fefdf225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3095
start_va = 0x7feff860000
end_va = 0x7feffa62fff
monitored = 0
entry_point = 0x7feff883330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3096
start_va = 0x7fefe0d0000
end_va = 0x7fefe1fcfff
monitored = 0
entry_point = 0x7fefe11ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3097
start_va = 0x7fefddb0000
end_va = 0x7fefde86fff
monitored = 0
entry_point = 0x7fefddb3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3098
start_va = 0x7fefae40000
end_va = 0x7fefae49fff
monitored = 0
entry_point = 0x7fefae4260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 3099
start_va = 0x7fefd3d0000
end_va = 0x7fefd43cfff
monitored = 0
entry_point = 0x7fefd3d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 3100
start_va = 0xc0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3101
start_va = 0xf0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 3102
start_va = 0x290000
end_va = 0x2b8fff
monitored = 0
entry_point = 0x291010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3103
start_va = 0x3d0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 3104
start_va = 0x4d0000
end_va = 0x657fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 3105
start_va = 0x290000
end_va = 0x2b8fff
monitored = 0
entry_point = 0x291010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3106
start_va = 0x7feffc40000
end_va = 0x7feffc6dfff
monitored = 0
entry_point = 0x7feffc41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3107
start_va = 0x7fefdfc0000
end_va = 0x7fefe0c8fff
monitored = 0
entry_point = 0x7fefdfc1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3108
start_va = 0x660000
end_va = 0x7e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000660000"
filename = ""
Region:
id = 3109
start_va = 0x7f0000
end_va = 0x1beffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 3110
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskeng.exe.mui"
filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui")
Region:
id = 3111
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3112
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 3113
start_va = 0xe0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 3114
start_va = 0x290000
end_va = 0x31ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 3115
start_va = 0x320000
end_va = 0x39cfff
monitored = 0
entry_point = 0x32cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3116
start_va = 0x320000
end_va = 0x39cfff
monitored = 0
entry_point = 0x32cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3117
start_va = 0x7fefd7a0000
end_va = 0x7fefd7aefff
monitored = 0
entry_point = 0x7fefd7a1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3118
start_va = 0x7feff630000
end_va = 0x7feff64efff
monitored = 0
entry_point = 0x7feff6360e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3119
start_va = 0x1d90000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 3120
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3121
start_va = 0x7feff170000
end_va = 0x7feff24afff
monitored = 0
entry_point = 0x7feff190760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3122
start_va = 0x7fefd1a0000
end_va = 0x7fefd1b7fff
monitored = 0
entry_point = 0x7fefd1a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3123
start_va = 0x320000
end_va = 0x364fff
monitored = 0
entry_point = 0x321064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3124
start_va = 0x320000
end_va = 0x364fff
monitored = 0
entry_point = 0x321064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3125
start_va = 0x320000
end_va = 0x364fff
monitored = 0
entry_point = 0x321064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3126
start_va = 0x320000
end_va = 0x364fff
monitored = 0
entry_point = 0x321064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3127
start_va = 0x320000
end_va = 0x364fff
monitored = 0
entry_point = 0x321064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3128
start_va = 0x7fefcea0000
end_va = 0x7fefcee6fff
monitored = 0
entry_point = 0x7fefcea1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3129
start_va = 0x7feff080000
end_va = 0x7feff0f0fff
monitored = 0
entry_point = 0x7feff091e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3130
start_va = 0x1c50000
end_va = 0x1ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c50000"
filename = ""
Region:
id = 3131
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3132
start_va = 0x7fefd770000
end_va = 0x7fefd794fff
monitored = 0
entry_point = 0x7fefd779658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3133
start_va = 0x1e10000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 3134
start_va = 0x1f40000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 3135
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 3136
start_va = 0x1fc0000
end_va = 0x228efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3137
start_va = 0x7fefd890000
end_va = 0x7fefd8a3fff
monitored = 0
entry_point = 0x7fefd8910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3138
start_va = 0x2320000
end_va = 0x239ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 3139
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 3140
start_va = 0x2450000
end_va = 0x24cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002450000"
filename = ""
Region:
id = 3141
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3142
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 3143
start_va = 0x7fefe200000
end_va = 0x7fefe298fff
monitored = 0
entry_point = 0x7fefe201c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3144
start_va = 0x7fefab40000
end_va = 0x7fefab48fff
monitored = 0
entry_point = 0x7fefab411a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 3145
start_va = 0x7fefc200000
end_va = 0x7fefc255fff
monitored = 0
entry_point = 0x7fefc20bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3146
start_va = 0x24d0000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 3147
start_va = 0x7fefbd90000
end_va = 0x7fefbdc4fff
monitored = 0
entry_point = 0x7fefbd91064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 3148
start_va = 0x1cf0000
end_va = 0x1d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cf0000"
filename = ""
Region:
id = 3149
start_va = 0x2600000
end_va = 0x26defff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002600000"
filename = ""
Region:
id = 3150
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 3151
start_va = 0x7fefbdd0000
end_va = 0x7fefbde7fff
monitored = 0
entry_point = 0x7fefbdd1130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Thread:
id = 114
os_tid = 0x50c
Thread:
id = 115
os_tid = 0x51c
Thread:
id = 116
os_tid = 0x530
Thread:
id = 117
os_tid = 0x544
Thread:
id = 118
os_tid = 0x550
Thread:
id = 119
os_tid = 0x554
Thread:
id = 120
os_tid = 0x558
Process:
id = "10"
image_name = "zwllfjvv.exe"
filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe"
page_root = "0x20de6000"
os_pid = "0x55c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "9"
os_parent_pid = "0x508"
cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe "
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fab9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3152
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3153
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3154
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3155
start_va = 0x70000
end_va = 0xaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 3156
start_va = 0x190000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 3157
start_va = 0x920000
end_va = 0x9dffff
monitored = 1
entry_point = 0x9d990e
region_type = mapped_file
name = "zwllfjvv.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe")
Region:
id = 3158
start_va = 0x77960000
end_va = 0x77b08fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3159
start_va = 0x77b40000
end_va = 0x77cbffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 3160
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 3161
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 3162
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 3163
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 3164
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 3165
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3166
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 3331
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 3332
start_va = 0xb0000
end_va = 0x12ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3333
start_va = 0x742d0000
end_va = 0x7430efff
monitored = 0
entry_point = 0x742fe088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 3453
start_va = 0x74260000
end_va = 0x742bbfff
monitored = 0
entry_point = 0x7429f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 3605
start_va = 0x74250000
end_va = 0x74257fff
monitored = 0
entry_point = 0x742520f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 3607
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3608
start_va = 0x75db0000
end_va = 0x75ebffff
monitored = 0
entry_point = 0x75dc3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3609
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3610
start_va = 0x77840000
end_va = 0x7795efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077840000"
filename = ""
Region:
id = 3611
start_va = 0x77740000
end_va = 0x77839fff
monitored = 0
entry_point = 0x7775a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3612
start_va = 0x77740000
end_va = 0x77839fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077740000"
filename = ""
Region:
id = 3613
start_va = 0x290000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 3614
start_va = 0x74200000
end_va = 0x74249fff
monitored = 1
entry_point = 0x74202e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 3615
start_va = 0x75db0000
end_va = 0x75ebffff
monitored = 0
entry_point = 0x75dc3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 3616
start_va = 0x76040000
end_va = 0x76086fff
monitored = 0
entry_point = 0x760474c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 3617
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3618
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3619
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3620
start_va = 0x390000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3621
start_va = 0x400000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3622
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3623
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 3624
start_va = 0x75ae0000
end_va = 0x75b7ffff
monitored = 0
entry_point = 0x75af49e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 3625
start_va = 0x763e0000
end_va = 0x7648bfff
monitored = 0
entry_point = 0x763ea472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 3626
start_va = 0x76150000
end_va = 0x76168fff
monitored = 0
entry_point = 0x76154975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 3627
start_va = 0x75f50000
end_va = 0x7603ffff
monitored = 0
entry_point = 0x75f60569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 3628
start_va = 0x75690000
end_va = 0x756effff
monitored = 0
entry_point = 0x756aa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 3629
start_va = 0x75680000
end_va = 0x7568bfff
monitored = 0
entry_point = 0x756810e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 3630
start_va = 0x5d0000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 3631
start_va = 0x74170000
end_va = 0x741fcfff
monitored = 1
entry_point = 0x74182860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 3632
start_va = 0x74160000
end_va = 0x74162fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 3634
start_va = 0x761f0000
end_va = 0x76246fff
monitored = 0
entry_point = 0x76209ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 3635
start_va = 0x75ec0000
end_va = 0x75f4ffff
monitored = 0
entry_point = 0x75ed6343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 3636
start_va = 0x77500000
end_va = 0x775fffff
monitored = 0
entry_point = 0x7751b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 3637
start_va = 0x77b10000
end_va = 0x77b19fff
monitored = 0
entry_point = 0x77b136a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 3638
start_va = 0x75700000
end_va = 0x7579cfff
monitored = 0
entry_point = 0x75733fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 3639
start_va = 0x5d0000
end_va = 0x757fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 3640
start_va = 0x790000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 3641
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3642
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3643
start_va = 0x76750000
end_va = 0x767affff
monitored = 0
entry_point = 0x7676158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 3644
start_va = 0x77430000
end_va = 0x774fbfff
monitored = 0
entry_point = 0x7743168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 3645
start_va = 0x9e0000
end_va = 0xb60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 3646
start_va = 0xb70000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b70000"
filename = ""
Region:
id = 3647
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3648
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3649
start_va = 0x400000
end_va = 0x4bafff
monitored = 1
entry_point = 0x4b990e
region_type = mapped_file
name = "zwllfjvv.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe")
Region:
id = 3650
start_va = 0x4c0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3651
start_va = 0x400000
end_va = 0x4bafff
monitored = 1
entry_point = 0x4b990e
region_type = mapped_file
name = "zwllfjvv.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe")
Region:
id = 3652
start_va = 0x74150000
end_va = 0x74158fff
monitored = 0
entry_point = 0x74151220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 3653
start_va = 0x739a0000
end_va = 0x7414efff
monitored = 1
entry_point = 0x739bd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3654
start_va = 0x731f0000
end_va = 0x7399efff
monitored = 1
entry_point = 0x7320d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3655
start_va = 0x739a0000
end_va = 0x7414efff
monitored = 1
entry_point = 0x739bd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3656
start_va = 0x73980000
end_va = 0x73993fff
monitored = 0
entry_point = 0x7398ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 3657
start_va = 0x738d0000
end_va = 0x7397afff
monitored = 0
entry_point = 0x73965f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 3658
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 3659
start_va = 0x130000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 3660
start_va = 0x140000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 3661
start_va = 0x150000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 3662
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 3663
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 3664
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 3665
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3666
start_va = 0x410000
end_va = 0x410fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 3667
start_va = 0x7a0000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3668
start_va = 0x1f70000
end_va = 0x20cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 3669
start_va = 0x8b0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 3670
start_va = 0x2180000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 3671
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 3672
start_va = 0x420000
end_va = 0x42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 3673
start_va = 0x2280000
end_va = 0x427ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 3674
start_va = 0x420000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 3675
start_va = 0x1f70000
end_va = 0x1faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 3676
start_va = 0x2090000
end_va = 0x20cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 3677
start_va = 0x4420000
end_va = 0x451ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004420000"
filename = ""
Region:
id = 3678
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 3679
start_va = 0x4520000
end_va = 0x47eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3680
start_va = 0x1fd0000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fd0000"
filename = ""
Region:
id = 3681
start_va = 0x4300000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 3682
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 3683
start_va = 0x724c0000
end_va = 0x738cafff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 3684
start_va = 0x75980000
end_va = 0x75adbfff
monitored = 0
entry_point = 0x759cba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 3685
start_va = 0x72440000
end_va = 0x724bffff
monitored = 0
entry_point = 0x724537c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 3686
start_va = 0x47f0000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 3687
start_va = 0x47f0000
end_va = 0x48cefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000047f0000"
filename = ""
Region:
id = 3688
start_va = 0x48d0000
end_va = 0x490ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048d0000"
filename = ""
Region:
id = 3689
start_va = 0x500000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 3690
start_va = 0x510000
end_va = 0x51ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 3691
start_va = 0x72430000
end_va = 0x72432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 3692
start_va = 0x723a0000
end_va = 0x72428fff
monitored = 1
entry_point = 0x723a1130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 3693
start_va = 0x75b80000
end_va = 0x75c0efff
monitored = 0
entry_point = 0x75b83fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 3694
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3697
start_va = 0x71940000
end_va = 0x72394fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 3698
start_va = 0x71790000
end_va = 0x71932fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 3699
start_va = 0x70920000
end_va = 0x71785fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 3700
start_va = 0x70370000
end_va = 0x70913fff
monitored = 1
entry_point = 0x708fb692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 3701
start_va = 0x530000
end_va = 0x531fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 3702
start_va = 0x70900000
end_va = 0x70912fff
monitored = 1
entry_point = 0x7090d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 3703
start_va = 0x4910000
end_va = 0x4be1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 3704
start_va = 0x540000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 3705
start_va = 0x550000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 3706
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 3707
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 3708
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3709
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 3710
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 3711
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 3712
start_va = 0x760000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 3713
start_va = 0x770000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 3714
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 3715
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3716
start_va = 0x840000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 3717
start_va = 0x7b0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 3718
start_va = 0x7c0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 3719
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 3720
start_va = 0x7e0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 3721
start_va = 0x7f0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 3722
start_va = 0x700e0000
end_va = 0x708f7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 3723
start_va = 0x6ffd0000
end_va = 0x700d4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 3724
start_va = 0x6f850000
end_va = 0x6ffc3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 3725
start_va = 0x767b0000
end_va = 0x773f9fff
monitored = 0
entry_point = 0x76831601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 3726
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 3727
start_va = 0x6f840000
end_va = 0x6f84afff
monitored = 0
entry_point = 0x6f841992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 3728
start_va = 0x4bf0000
end_va = 0x4d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bf0000"
filename = ""
Region:
id = 3729
start_va = 0x6f820000
end_va = 0x6f836fff
monitored = 0
entry_point = 0x6f8235fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 3730
start_va = 0x6f800000
end_va = 0x6f816fff
monitored = 0
entry_point = 0x6f803573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 3731
start_va = 0x550000
end_va = 0x58bfff
monitored = 0
entry_point = 0x55128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3732
start_va = 0x550000
end_va = 0x58bfff
monitored = 0
entry_point = 0x55128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3733
start_va = 0x550000
end_va = 0x58bfff
monitored = 0
entry_point = 0x55128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3734
start_va = 0x550000
end_va = 0x58bfff
monitored = 0
entry_point = 0x55128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3735
start_va = 0x550000
end_va = 0x58bfff
monitored = 0
entry_point = 0x55128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3736
start_va = 0x6f7c0000
end_va = 0x6f7fafff
monitored = 0
entry_point = 0x6f7c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3737
start_va = 0x7a0000
end_va = 0x821fff
monitored = 0
entry_point = 0x7a19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3738
start_va = 0x7a0000
end_va = 0x821fff
monitored = 0
entry_point = 0x7a19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3739
start_va = 0x6f730000
end_va = 0x6f7b3fff
monitored = 0
entry_point = 0x6f7319a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3740
start_va = 0x7a0000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3741
start_va = 0x550000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 3742
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 3743
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 3744
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3745
start_va = 0x6f5a0000
end_va = 0x6f72ffff
monitored = 0
entry_point = 0x6f63d026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 3746
start_va = 0x4bf0000
end_va = 0x4d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bf0000"
filename = ""
Region:
id = 3747
start_va = 0x4d40000
end_va = 0x4d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d40000"
filename = ""
Region:
id = 3748
start_va = 0x550000
end_va = 0x56bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 3749
start_va = 0x4280000
end_va = 0x42bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004280000"
filename = ""
Region:
id = 3750
start_va = 0x4e70000
end_va = 0x4f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e70000"
filename = ""
Region:
id = 3751
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 3752
start_va = 0x4bf0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bf0000"
filename = ""
Region:
id = 3753
start_va = 0x4d30000
end_va = 0x4d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d30000"
filename = ""
Region:
id = 3754
start_va = 0x20d0000
end_va = 0x217afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3755
start_va = 0x20d0000
end_va = 0x217afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3756
start_va = 0x4f70000
end_va = 0x6418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3757
start_va = 0x4f70000
end_va = 0x6418fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3758
start_va = 0x4f70000
end_va = 0x6432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3759
start_va = 0x4f70000
end_va = 0x6432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3760
start_va = 0x4f70000
end_va = 0x5392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3761
start_va = 0x4f70000
end_va = 0x5392fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3762
start_va = 0x20d0000
end_va = 0x216ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3763
start_va = 0x20d0000
end_va = 0x216ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3764
start_va = 0x7a0000
end_va = 0x81efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3765
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 3766
start_va = 0x7a0000
end_va = 0x81efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3767
start_va = 0x4f70000
end_va = 0x516ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f70000"
filename = ""
Region:
id = 3768
start_va = 0x4d80000
end_va = 0x4e4bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 3769
start_va = 0x4d80000
end_va = 0x4e4bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 3770
start_va = 0x4d80000
end_va = 0x4e4dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 3771
start_va = 0x4d80000
end_va = 0x4e4dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 3772
start_va = 0x20d0000
end_va = 0x2171fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 3773
start_va = 0x20d0000
end_va = 0x2171fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 3774
start_va = 0x20d0000
end_va = 0x2167fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 3775
start_va = 0x20d0000
end_va = 0x2167fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 3776
start_va = 0x550000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 3777
start_va = 0x550000
end_va = 0x5b1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 3778
start_va = 0x760000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 3779
start_va = 0x770000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 3780
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 3781
start_va = 0x6f3b0000
end_va = 0x6f591fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 3782
start_va = 0x7a0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3783
start_va = 0x7b0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 3784
start_va = 0x7c0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 3785
start_va = 0x760000
end_va = 0x778fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 3786
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 3787
start_va = 0x4d80000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d80000"
filename = ""
Region:
id = 3788
start_va = 0x5170000
end_va = 0x5a9ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3789
start_va = 0x7a0000
end_va = 0x7a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3790
start_va = 0x7b0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 3791
start_va = 0x7c0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 3792
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 3793
start_va = 0x7b0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Thread:
id = 121
os_tid = 0x560
[0266.434] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0268.460] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x28eb50 | out: phkResult=0x28eb50*=0x0) returned 0x2
[0268.461] RegCloseKey (hKey=0x80000002) returned 0x0
[0268.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x28edd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0268.495] IsAppThemed () returned 0x1
[0268.502] CoTaskMemAlloc (cb=0xf0) returned 0x2e7cf8
[0268.502] CreateActCtxA (pActCtx=0x28f2f8) returned 0x2e613c
[0268.715] CoTaskMemFree (pv=0x2e7cf8)
[0268.758] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc076
[0268.759] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc077
[0269.980] GetCurrentProcess () returned 0xffffffff
[0269.981] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ef58 | out: TokenHandle=0x28ef58*=0x1f0) returned 1
[0269.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x28ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0269.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28ef50 | out: lpFileInformation=0x28ef50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0269.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0269.992] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28ef58 | out: lpFileInformation=0x28ef58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0269.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0269.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28ee90) returned 1
[0269.996] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40
[0269.996] GetFileType (hFile=0x40) returned 0x1
[0269.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28ee8c) returned 1
[0269.996] GetFileType (hFile=0x40) returned 0x1
[0270.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e1c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0270.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0270.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e46c) returned 1
[0270.203] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28e730 | out: lpFileInformation=0x28e730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0270.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e468) returned 1
[0270.355] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x28e5fc | out: pfEnabled=0x28e5fc) returned 0x0
[0270.633] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x28ef4c | out: lpFileSizeHigh=0x28ef4c*=0x0) returned 0x8c8e
[0270.633] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ef08, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ef08*=0x1000, lpOverlapped=0x0) returned 1
[0270.655] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28edb8, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28edb8*=0x1000, lpOverlapped=0x0) returned 1
[0270.657] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ec6c, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ec6c*=0x1000, lpOverlapped=0x0) returned 1
[0270.657] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ec6c, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ec6c*=0x1000, lpOverlapped=0x0) returned 1
[0270.659] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ec6c, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ec6c*=0x1000, lpOverlapped=0x0) returned 1
[0270.659] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28eba4, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28eba4*=0x1000, lpOverlapped=0x0) returned 1
[0270.666] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ed10, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ed10*=0x1000, lpOverlapped=0x0) returned 1
[0270.668] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ec04, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ec04*=0x1000, lpOverlapped=0x0) returned 1
[0270.668] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ec04, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ec04*=0xc8e, lpOverlapped=0x0) returned 1
[0270.669] ReadFile (in: hFile=0x40, lpBuffer=0x22b44ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ecc8, lpOverlapped=0x0 | out: lpBuffer=0x22b44ec*, lpNumberOfBytesRead=0x28ecc8*=0x0, lpOverlapped=0x0) returned 1
[0270.669] CloseHandle (hObject=0x40) returned 1
[0270.669] CloseHandle (hObject=0x1f0) returned 1
[0270.670] GetCurrentProcess () returned 0xffffffff
[0270.671] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28f0a4 | out: TokenHandle=0x28f0a4*=0x1f0) returned 1
[0270.671] CloseHandle (hObject=0x1f0) returned 1
[0270.672] GetCurrentProcess () returned 0xffffffff
[0270.672] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28f0a4 | out: TokenHandle=0x28f0a4*=0x1f0) returned 1
[0270.672] CloseHandle (hObject=0x1f0) returned 1
[0270.681] GetCurrentProcess () returned 0xffffffff
[0270.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ef58 | out: TokenHandle=0x28ef58*=0x1f0) returned 1
[0270.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28ef50 | out: lpFileInformation=0x28ef50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0270.682] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe.config", nBufferLength=0x105, lpBuffer=0x28e9dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe.config", lpFilePart=0x0) returned 0x36
[0270.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28ef58 | out: lpFileInformation=0x28ef58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0270.683] CloseHandle (hObject=0x1f0) returned 1
[0270.683] GetCurrentProcess () returned 0xffffffff
[0270.683] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28f0a4 | out: TokenHandle=0x28f0a4*=0x1f0) returned 1
[0270.684] CloseHandle (hObject=0x1f0) returned 1
[0270.685] GetCurrentProcess () returned 0xffffffff
[0270.685] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28f0a4 | out: TokenHandle=0x28f0a4*=0x1f0) returned 1
[0270.686] CloseHandle (hObject=0x1f0) returned 1
[0270.709] GetCurrentProcess () returned 0xffffffff
[0270.710] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eebc | out: TokenHandle=0x28eebc*=0x1f0) returned 1
[0270.717] CloseHandle (hObject=0x1f0) returned 1
[0270.717] GetCurrentProcess () returned 0xffffffff
[0270.717] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eed4 | out: TokenHandle=0x28eed4*=0x1f0) returned 1
[0270.724] CloseHandle (hObject=0x1f0) returned 1
[0270.729] GetSystemMetrics (nIndex=75) returned 1
[0270.735] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0270.750] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75db0000
[0270.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x28f1a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0270.758] GetProcAddress (hModule=0x75db0000, lpProcName="AddDllDirectory") returned 0x76051e91
[0270.758] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6f730000
[0270.843] AdjustWindowRectEx (in: lpRect=0x28f308, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x28f308) returned 1
[0270.849] GetCurrentProcess () returned 0xffffffff
[0270.849] GetCurrentThread () returned 0xfffffffe
[0270.849] GetCurrentProcess () returned 0xffffffff
[0270.850] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28f220, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28f220*=0x40) returned 1
[0270.853] GetCurrentThreadId () returned 0x560
[0270.870] GetCurrentActCtx (in: lphActCtx=0x28f180 | out: lphActCtx=0x28f180*=0x0) returned 1
[0270.870] ActivateActCtx (in: hActCtx=0x2e613c, lpCookie=0x28f190 | out: hActCtx=0x2e613c, lpCookie=0x28f190) returned 1
[0270.873] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77500000
[0270.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x28f038, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW´pB±S\x03Dþ\x9asLõ(", lpUsedDefaultChar=0x0) returned 14
[0270.873] GetProcAddress (hModule=0x77500000, lpProcName="DefWindowProcW") returned 0x77b725dd
[0270.874] GetStockObject (i=5) returned 0x1900015
[0270.879] GetModuleHandleW (lpModuleName=0x0) returned 0x920000
[0270.883] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0270.883] RegisterClassW (lpWndClass=0x28f028) returned 0xc078
[0270.883] CoTaskMemFree (pv=0x2ed090)
[0270.884] GetModuleHandleW (lpModuleName=0x0) returned 0x920000
[0270.884] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x920000, lpParam=0x0) returned 0x1005c
[0270.885] SetWindowLongW (hWnd=0x1005c, nIndex=-4, dwNewLong=2008491485) returned 81004758
[0270.886] GetWindowLongW (hWnd=0x1005c, nIndex=-4) returned 2008491485
[0270.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e93c | out: phkResult=0x28e93c*=0x23c) returned 0x0
[0270.893] RegQueryValueExW (in: hKey=0x23c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x28e95c, lpData=0x0, lpcbData=0x28e958*=0x0 | out: lpType=0x28e95c*=0x0, lpData=0x0, lpcbData=0x28e958*=0x0) returned 0x2
[0270.893] RegQueryValueExW (in: hKey=0x23c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x28e95c, lpData=0x0, lpcbData=0x28e958*=0x0 | out: lpType=0x28e95c*=0x0, lpData=0x0, lpcbData=0x28e958*=0x0) returned 0x2
[0270.894] RegCloseKey (hKey=0x23c) returned 0x0
[0270.896] SetWindowLongW (hWnd=0x1005c, nIndex=-4, dwNewLong=81004798) returned 2008491485
[0270.896] GetWindowLongW (hWnd=0x1005c, nIndex=-4) returned 81004798
[0270.896] GetWindowLongW (hWnd=0x1005c, nIndex=-16) returned 113311744
[0270.897] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc079
[0270.898] CallWindowProcW (lpPrevWndFunc=0x77b725dd, hWnd=0x1005c, Msg=0x24, wParam=0x0, lParam=0x28ec14) returned 0x0
[0270.898] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc07a
[0270.898] CallWindowProcW (lpPrevWndFunc=0x77b725dd, hWnd=0x1005c, Msg=0x81, wParam=0x0, lParam=0x28ec08) returned 0x1
[0270.899] CallWindowProcW (lpPrevWndFunc=0x77b725dd, hWnd=0x1005c, Msg=0x83, wParam=0x0, lParam=0x28ebf4) returned 0x0
[0270.899] CallWindowProcW (lpPrevWndFunc=0x77b725dd, hWnd=0x1005c, Msg=0x1, wParam=0x0, lParam=0x28ec08) returned 0x0
[0270.899] GetClientRect (in: hWnd=0x1005c, lpRect=0x28e970 | out: lpRect=0x28e970) returned 1
[0270.900] GetWindowRect (in: hWnd=0x1005c, lpRect=0x28e970 | out: lpRect=0x28e970) returned 1
[0270.901] GetParent (hWnd=0x1005c) returned 0x0
[0270.901] DeactivateActCtx (dwFlags=0x0, ulCookie=0x16260001) returned 1
[0271.047] GetSystemDefaultLCID () returned 0x409
[0271.048] GetStockObject (i=17) returned 0x18a0025
[0271.050] GetObjectW (in: h=0x18a0025, c=92, pv=0x28ee78 | out: pv=0x28ee78) returned 92
[0271.051] GetDC (hWnd=0x0) returned 0x1001018a
[0271.139] GdiplusStartup (in: token=0x166298, input=0x28e440, output=0x28e490 | out: token=0x166298, output=0x28e490) returned 0x0
[0271.168] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0271.169] GdipCreateFontFromLogfontW (hdc=0x1001018a, logfont=0x2ed090, font=0x28ef40) returned 0x0
[0271.334] CoTaskMemFree (pv=0x2ed090)
[0271.335] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0271.335] CoTaskMemFree (pv=0x2ed090)
[0271.336] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0271.336] CoTaskMemFree (pv=0x2ed090)
[0271.337] GdipGetFontUnit (font=0x4d32230, unit=0x28ef08) returned 0x0
[0271.337] GdipGetFontSize (font=0x4d32230, size=0x28ef0c) returned 0x0
[0271.337] GdipGetFontStyle (font=0x4d32230, style=0x28ef04) returned 0x0
[0271.337] GdipGetFamily (font=0x4d32230, family=0x28ef00) returned 0x0
[0271.338] GdipGetFontSize (font=0x4d32230, size=0x22d0ea0) returned 0x0
[0271.339] ReleaseDC (hWnd=0x0, hDC=0x1001018a) returned 1
[0271.339] GetDC (hWnd=0x0) returned 0x1001018a
[0271.341] GdipCreateFromHDC (hdc=0x1001018a, graphics=0x28ef1c) returned 0x0
[0271.343] GdipGetDpiY (graphics=0x4cd9118, dpi=0x22d0f7c) returned 0x0
[0271.343] GdipGetFontHeight (font=0x4d32230, graphics=0x4cd9118, height=0x28ef14) returned 0x0
[0271.344] GdipGetEmHeight (family=0x4d3f358, style=0, EmHeight=0x28ef1c) returned 0x0
[0271.344] GdipGetLineSpacing (family=0x4d3f358, style=0, LineSpacing=0x28ef1c) returned 0x0
[0271.345] GdipDeleteGraphics (graphics=0x4cd9118) returned 0x0
[0271.345] ReleaseDC (hWnd=0x0, hDC=0x1001018a) returned 1
[0271.347] GdipCreateFont (fontFamily=0x4d3f358, emSize=0x41040000, style=0, unit=0x3, font=0x22d0f98) returned 0x0
[0271.347] GdipGetFontSize (font=0x4c925c0, size=0x22d0f9c) returned 0x0
[0271.348] GdipDeleteFont (font=0x4d32230) returned 0x0
[0271.350] GetDC (hWnd=0x0) returned 0x1001018a
[0271.350] GdipCreateFromHDC (hdc=0x1001018a, graphics=0x28ef90) returned 0x0
[0271.350] GdipGetFontHeight (font=0x4c925c0, graphics=0x4cd9118, height=0x28ef88) returned 0x0
[0271.350] GdipDeleteGraphics (graphics=0x4cd9118) returned 0x0
[0271.350] ReleaseDC (hWnd=0x0, hDC=0x1001018a) returned 1
[0271.351] GetSystemMetrics (nIndex=5) returned 1
[0271.351] GetSystemMetrics (nIndex=6) returned 1
[0271.352] AdjustWindowRectEx (in: lpRect=0x28f0b8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f0b8) returned 1
[0271.358] AdjustWindowRectEx (in: lpRect=0x28f0bc, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0bc) returned 1
[0271.359] AdjustWindowRectEx (in: lpRect=0x28f0b8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0b8) returned 1
[0271.360] AdjustWindowRectEx (in: lpRect=0x28f0b8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0b8) returned 1
[0271.363] GetDC (hWnd=0x0) returned 0x1401007f
[0271.363] GdipCreateFromHDC (hdc=0x1401007f, graphics=0x28ef90) returned 0x0
[0271.363] GdipGetFontHeight (font=0x4c925c0, graphics=0x4cd9118, height=0x28ef88) returned 0x0
[0271.363] GdipDeleteGraphics (graphics=0x4cd9118) returned 0x0
[0271.363] ReleaseDC (hWnd=0x0, hDC=0x1401007f) returned 1
[0271.363] GetSystemMetrics (nIndex=5) returned 1
[0271.363] GetSystemMetrics (nIndex=6) returned 1
[0271.363] AdjustWindowRectEx (in: lpRect=0x28f0b8, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f0b8) returned 1
[0271.366] AdjustWindowRectEx (in: lpRect=0x28f0c0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0c0) returned 1
[0271.366] AdjustWindowRectEx (in: lpRect=0x28f0c0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0c0) returned 1
[0271.367] AdjustWindowRectEx (in: lpRect=0x28f0c0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f0c0) returned 1
[0271.371] GetSystemMetrics (nIndex=5) returned 1
[0271.371] GetSystemMetrics (nIndex=6) returned 1
[0271.372] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f01c) returned 1
[0271.376] GetSystemMetrics (nIndex=5) returned 1
[0271.376] GetSystemMetrics (nIndex=6) returned 1
[0271.376] AdjustWindowRectEx (in: lpRect=0x28efb4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28efb4) returned 1
[0271.378] AdjustWindowRectEx (in: lpRect=0x28efb4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28efb4) returned 1
[0271.383] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f01c) returned 1
[0271.388] GdipCreateFontFamilyFromName (name="Times New Roman", fontCollection=0x0, fontFamily=0x28f098) returned 0x0
[0271.389] GdipCreateFont (fontFamily=0x4c0e238, emSize=0x41900000, style=0, unit=0x3, font=0x22d1e94) returned 0x0
[0271.447] GdipGetFontSize (font=0x4d32230, size=0x22d1e98) returned 0x0
[0271.449] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f01c) returned 1
[0271.457] GetProcessWindowStation () returned 0x60
[0271.460] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x22d25dc, nLength=0xc, lpnLengthNeeded=0x28eef8 | out: pvInfo=0x22d25dc, lpnLengthNeeded=0x28eef8) returned 1
[0271.462] SetConsoleCtrlHandler (HandlerRoutine=0x4d40926, Add=1) returned 1
[0271.463] GetModuleHandleW (lpModuleName=0x0) returned 0x920000
[0271.463] GetModuleHandleW (lpModuleName=0x0) returned 0x920000
[0271.465] GetClassInfoW (in: hInstance=0x920000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x22d2640 | out: lpWndClass=0x22d2640) returned 0
[0271.467] CoTaskMemAlloc (cb=0x58) returned 0x309040
[0271.467] RegisterClassW (lpWndClass=0x28ee48) returned 0xc07b
[0271.467] CoTaskMemFree (pv=0x309040)
[0271.468] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x920000, lpParam=0x0) returned 0x10062
[0271.468] NtdllDefWindowProc_W () returned 0x1
[0271.469] NtdllDefWindowProc_W () returned 0x0
[0271.470] NtdllDefWindowProc_W () returned 0x0
[0271.470] NtdllDefWindowProc_W () returned 0x0
[0271.470] NtdllDefWindowProc_W () returned 0x0
[0271.473] GetSysColor (nIndex=10) returned 0xb4b4b4
[0271.473] GetSysColor (nIndex=2) returned 0xd1b499
[0271.473] GetSysColor (nIndex=9) returned 0x0
[0271.473] GetSysColor (nIndex=12) returned 0xababab
[0271.473] GetSysColor (nIndex=15) returned 0xf0f0f0
[0271.473] GetSysColor (nIndex=20) returned 0xffffff
[0271.473] GetSysColor (nIndex=16) returned 0xa0a0a0
[0271.473] GetSysColor (nIndex=15) returned 0xf0f0f0
[0271.473] GetSysColor (nIndex=16) returned 0xa0a0a0
[0271.474] GetSysColor (nIndex=21) returned 0x696969
[0271.474] GetSysColor (nIndex=22) returned 0xe3e3e3
[0271.474] GetSysColor (nIndex=20) returned 0xffffff
[0271.474] GetSysColor (nIndex=18) returned 0x0
[0271.474] GetSysColor (nIndex=1) returned 0x0
[0271.474] GetSysColor (nIndex=27) returned 0xead1b9
[0271.474] GetSysColor (nIndex=28) returned 0xf2e4d7
[0271.474] GetSysColor (nIndex=17) returned 0x6d6d6d
[0271.474] GetSysColor (nIndex=13) returned 0xff9933
[0271.474] GetSysColor (nIndex=14) returned 0xffffff
[0271.474] GetSysColor (nIndex=26) returned 0xcc6600
[0271.474] GetSysColor (nIndex=11) returned 0xfcf7f4
[0271.474] GetSysColor (nIndex=3) returned 0xdbcdbf
[0271.474] GetSysColor (nIndex=19) returned 0x544e43
[0271.474] GetSysColor (nIndex=24) returned 0xe1ffff
[0271.474] GetSysColor (nIndex=23) returned 0x0
[0271.474] GetSysColor (nIndex=4) returned 0xf0f0f0
[0271.477] GetSysColor (nIndex=30) returned 0xf0f0f0
[0271.477] GetSysColor (nIndex=29) returned 0xff9933
[0271.477] GetSysColor (nIndex=7) returned 0x0
[0271.477] GetSysColor (nIndex=0) returned 0xc8c8c8
[0271.477] GetSysColor (nIndex=5) returned 0xffffff
[0271.477] GetSysColor (nIndex=6) returned 0x646464
[0271.477] GetSysColor (nIndex=8) returned 0x0
[0271.477] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f01c) returned 1
[0271.494] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x28f098) returned 0x0
[0271.495] GdipCreateFont (fontFamily=0x4d3f358, emSize=0x41040000, style=1, unit=0x3, font=0x22d3c94) returned 0x0
[0271.495] GdipGetFontSize (font=0x4c415c0, size=0x22d3c98) returned 0x0
[0271.503] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.503] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.508] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x28f098) returned 0x0
[0271.509] GdipCreateFont (fontFamily=0x4d3f358, emSize=0x41040000, style=1, unit=0x3, font=0x22d3f6c) returned 0x0
[0271.509] GdipGetFontSize (font=0x4c415e8, size=0x22d3f70) returned 0x0
[0271.511] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.511] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.514] GetSystemMetrics (nIndex=5) returned 1
[0271.514] GetSystemMetrics (nIndex=6) returned 1
[0271.514] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f01c) returned 1
[0271.514] GetSystemMetrics (nIndex=5) returned 1
[0271.514] GetSystemMetrics (nIndex=6) returned 1
[0271.514] AdjustWindowRectEx (in: lpRect=0x28efb4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28efb4) returned 1
[0271.514] AdjustWindowRectEx (in: lpRect=0x28efb4, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28efb4) returned 1
[0271.514] AdjustWindowRectEx (in: lpRect=0x28f01c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28f01c) returned 1
[0271.514] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.517] AdjustWindowRectEx (in: lpRect=0x28f034, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f034) returned 1
[0271.521] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.521] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.521] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.521] AdjustWindowRectEx (in: lpRect=0x28f048, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28f048) returned 1
[0271.613] EtwEventRegister () returned 0x0
[0271.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28eb24) returned 1
[0271.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\zwLLFjVv.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zwllfjvv.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28ede8 | out: lpFileInformation=0x28ede8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0271.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28eb20) returned 1
[0272.356] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18200, lpName=0x0) returned 0x248
[0272.357] memcpy (in: _Dst=0x760000, _Src=0x32a9560, _Size=0x18200 | out: _Dst=0x760000) returned 0x760000
[0272.358] CloseHandle (hObject=0x248) returned 1
[0272.551] AdjustWindowRectEx (in: lpRect=0x28f07c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28f07c) returned 1
[0272.551] GetSystemMetrics (nIndex=59) returned 1460
[0272.551] GetSystemMetrics (nIndex=60) returned 920
[0272.551] GetSystemMetrics (nIndex=34) returned 132
[0272.551] GetSystemMetrics (nIndex=35) returned 38
[0272.551] AdjustWindowRectEx (in: lpRect=0x28ef7c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ef7c) returned 1
[0272.552] GetCurrentThreadId () returned 0x560
[0272.552] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.558] GetCurrentThreadId () returned 0x560
[0272.559] AdjustWindowRectEx (in: lpRect=0x28ee74, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ee74) returned 1
[0272.567] GdipGetFamilyName (in: family=0x4c0e238, name=0x28ed60, language=0x409 | out: name="Times New Roman") returned 0x0
[0272.568] CreateCompatibleDC (hdc=0x0) returned 0x2a0101c4
[0272.570] GetCurrentObject (hdc=0x2a0101c4, type=0x1) returned 0x1b00017
[0272.570] GetCurrentObject (hdc=0x2a0101c4, type=0x2) returned 0x1900010
[0272.570] GetCurrentObject (hdc=0x2a0101c4, type=0x7) returned 0x185000f
[0272.570] GetCurrentObject (hdc=0x2a0101c4, type=0x6) returned 0x18a002e
[0272.572] SaveDC (hdc=0x2a0101c4) returned 1
[0272.574] GetDeviceCaps (hdc=0x2a0101c4, index=90) returned 96
[0272.575] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0272.575] CreateFontIndirectW (lplf=0x2ed090) returned 0x2a0a017e
[0272.575] CoTaskMemFree (pv=0x2ed090)
[0272.576] GetObjectW (in: h=0x2a0a017e, c=92, pv=0x28ed24 | out: pv=0x28ed24) returned 92
[0272.578] GetCurrentObject (hdc=0x2a0101c4, type=0x6) returned 0x18a002e
[0272.578] GetObjectW (in: h=0x18a002e, c=92, pv=0x28ec8c | out: pv=0x28ec8c) returned 92
[0272.580] SelectObject (hdc=0x2a0101c4, h=0x2a0a017e) returned 0x18a002e
[0272.581] GetMapMode (hdc=0x2a0101c4) returned 1
[0272.581] GetTextMetricsW (in: hdc=0x2a0101c4, lptm=0x28ed54 | out: lptm=0x28ed54) returned 1
[0272.588] DrawTextExW (in: hdc=0x2a0101c4, lpchText="Login System", cchText=12, lprc=0x28ee60, format=0x2400, lpdtp=0x231ddf4 | out: lpchText="Login System", lprc=0x28ee60) returned 27
[0272.773] GetCurrentThreadId () returned 0x560
[0272.773] GetCurrentThreadId () returned 0x560
[0272.773] GetCurrentThreadId () returned 0x560
[0272.773] GetCurrentThreadId () returned 0x560
[0272.774] GetCurrentThreadId () returned 0x560
[0272.774] GetCurrentThreadId () returned 0x560
[0272.774] GetCurrentThreadId () returned 0x560
[0272.774] GetCurrentThreadId () returned 0x560
[0272.845] CreateCompatibleDC (hdc=0x0) returned 0x9010181
[0272.846] GetDC (hWnd=0x0) returned 0x1401007f
[0272.847] GdipCreateFromHDC (hdc=0x1401007f, graphics=0x28ee94) returned 0x0
[0272.847] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0272.847] GdipGetLogFontW (font=0x4c925c0, graphics=0x4fc3ca8, logfontW=0x2ed090) returned 0x0
[0272.848] CoTaskMemFree (pv=0x2ed090)
[0272.848] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0272.848] CoTaskMemFree (pv=0x2ed090)
[0272.849] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0272.849] CoTaskMemFree (pv=0x2ed090)
[0272.849] GdipDeleteGraphics (graphics=0x4fc3ca8) returned 0x0
[0272.849] ReleaseDC (hWnd=0x0, hDC=0x1401007f) returned 1
[0272.849] CoTaskMemAlloc (cb=0x5c) returned 0x2ed090
[0272.849] CreateFontIndirectW (lplf=0x2ed090) returned 0xf0a017d
[0272.850] CoTaskMemFree (pv=0x2ed090)
[0272.850] SelectObject (hdc=0x9010181, h=0xf0a017d) returned 0x18a002e
[0272.850] GetTextMetricsW (in: hdc=0x9010181, lptm=0x28efa0 | out: lptm=0x28efa0) returned 1
[0272.851] GetTextExtentPoint32W (in: hdc=0x9010181, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x231e718 | out: psizl=0x231e718) returned 1
[0272.851] SelectObject (hdc=0x9010181, h=0x18a002e) returned 0xf0a017d
[0272.852] DeleteDC (hdc=0x9010181) returned 1
[0272.852] AdjustWindowRectEx (in: lpRect=0x28ed08, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ed08) returned 1
[0272.852] AdjustWindowRectEx (in: lpRect=0x28ef2c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ef2c) returned 1
[0272.852] AdjustWindowRectEx (in: lpRect=0x28ec80, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ec80) returned 1
[0272.852] AdjustWindowRectEx (in: lpRect=0x28ed64, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x28ed64) returned 1
[0272.852] GetSystemMetrics (nIndex=34) returned 132
[0272.852] GetSystemMetrics (nIndex=35) returned 38
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ef1c) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ed80) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.853] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ebd8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ebd8) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ef1c) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x28ed80) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ef1c, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ef1c) returned 1
[0272.854] AdjustWindowRectEx (in: lpRect=0x28ed80, dwStyle=0x56010044, bMenu=0, dwExStyle=0x200 | out: lpRect=0x28ed80) returned 1
Thread:
id = 187
os_tid = 0x758
Thread:
id = 188
os_tid = 0x75c
[0266.619] CoGetContextToken (in: pToken=0x451f99c | out: pToken=0x451f99c) returned 0x800401f0
[0266.621] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 189
os_tid = 0x760
Thread:
id = 190
os_tid = 0x76c
Process:
id = "11"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x2510b000"
os_pid = "0x344"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "9"
os_parent_pid = "0x1bc"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dd0a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 3167
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3168
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 3169
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3170
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3171
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 3172
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 3173
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 3174
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 3175
start_va = 0x90000
end_va = 0x10ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 3176
start_va = 0x110000
end_va = 0x176fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3177
start_va = 0x180000
end_va = 0x180fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 3178
start_va = 0x190000
end_va = 0x19afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 3179
start_va = 0x1a0000
end_va = 0x1acfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 3180
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 3181
start_va = 0x1c0000
end_va = 0x1c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 3182
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 3183
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 3184
start_va = 0x1f0000
end_va = 0x1f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 3185
start_va = 0x200000
end_va = 0x203fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3186
start_va = 0x210000
end_va = 0x211fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 3187
start_va = 0x220000
end_va = 0x223fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3188
start_va = 0x230000
end_va = 0x23dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 3189
start_va = 0x240000
end_va = 0x33ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 3190
start_va = 0x340000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 3191
start_va = 0x440000
end_va = 0x5c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 3192
start_va = 0x5d0000
end_va = 0x750fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 3193
start_va = 0x760000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 3194
start_va = 0x820000
end_va = 0x84ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db")
Region:
id = 3195
start_va = 0x880000
end_va = 0x88ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000880000"
filename = ""
Region:
id = 3196
start_va = 0x8c0000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 3197
start_va = 0x980000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000980000"
filename = ""
Region:
id = 3198
start_va = 0xa00000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 3199
start_va = 0xa80000
end_va = 0xae5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 3200
start_va = 0xaf0000
end_va = 0xb6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 3201
start_va = 0xb70000
end_va = 0xbeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b70000"
filename = ""
Region:
id = 3202
start_va = 0xbf0000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 3203
start_va = 0xc80000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c80000"
filename = ""
Region:
id = 3204
start_va = 0xd00000
end_va = 0xfcefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3205
start_va = 0xfe0000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fe0000"
filename = ""
Region:
id = 3206
start_va = 0x1060000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001060000"
filename = ""
Region:
id = 3207
start_va = 0x1150000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 3208
start_va = 0x1230000
end_va = 0x12affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001230000"
filename = ""
Region:
id = 3209
start_va = 0x12b0000
end_va = 0x132ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012b0000"
filename = ""
Region:
id = 3210
start_va = 0x1340000
end_va = 0x13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 3211
start_va = 0x1400000
end_va = 0x147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 3212
start_va = 0x14e0000
end_va = 0x155ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3213
start_va = 0x1570000
end_va = 0x15effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3214
start_va = 0x1680000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001680000"
filename = ""
Region:
id = 3215
start_va = 0x1710000
end_va = 0x178ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001710000"
filename = ""
Region:
id = 3216
start_va = 0x1790000
end_va = 0x188ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 3217
start_va = 0x1890000
end_va = 0x190ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001890000"
filename = ""
Region:
id = 3218
start_va = 0x1920000
end_va = 0x199ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001920000"
filename = ""
Region:
id = 3219
start_va = 0x19b0000
end_va = 0x1a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019b0000"
filename = ""
Region:
id = 3220
start_va = 0x1ad0000
end_va = 0x1b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ad0000"
filename = ""
Region:
id = 3221
start_va = 0x1c10000
end_va = 0x1c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c10000"
filename = ""
Region:
id = 3222
start_va = 0x1c90000
end_va = 0x1d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c90000"
filename = ""
Region:
id = 3223
start_va = 0x77740000
end_va = 0x77839fff
monitored = 0
entry_point = 0x7775a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3224
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3225
start_va = 0x77960000
end_va = 0x77b08fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3226
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3227
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3228
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3229
start_va = 0xff7c0000
end_va = 0xff7cafff
monitored = 0
entry_point = 0xff7c246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 3230
start_va = 0x7fefab40000
end_va = 0x7fefab48fff
monitored = 0
entry_point = 0x7fefab411a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 3231
start_va = 0x7fefadb0000
end_va = 0x7fefae26fff
monitored = 0
entry_point = 0x7fefadbafd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 3232
start_va = 0x7fefae30000
end_va = 0x7fefae3efff
monitored = 0
entry_point = 0x7fefae37e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 3233
start_va = 0x7fefae40000
end_va = 0x7fefae49fff
monitored = 0
entry_point = 0x7fefae4260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 3234
start_va = 0x7fefae50000
end_va = 0x7fefaf61fff
monitored = 0
entry_point = 0x7fefae6f354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 3235
start_va = 0x7fefaf70000
end_va = 0x7fefaf78fff
monitored = 0
entry_point = 0x7fefaf73668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 3236
start_va = 0x7fefaf80000
end_va = 0x7fefaf88fff
monitored = 0
entry_point = 0x7fefaf81020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 3237
start_va = 0x7fefaf90000
end_va = 0x7fefafe5fff
monitored = 0
entry_point = 0x7fefaf91040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 3238
start_va = 0x7fefb010000
end_va = 0x7fefb06dfff
monitored = 0
entry_point = 0x7fefb019024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 3239
start_va = 0x7fefb370000
end_va = 0x7fefb383fff
monitored = 0
entry_point = 0x7fefb373e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 3240
start_va = 0x7fefb3e0000
end_va = 0x7fefb446fff
monitored = 0
entry_point = 0x7fefb3f6060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 3241
start_va = 0x7fefb490000
end_va = 0x7fefb49afff
monitored = 0
entry_point = 0x7fefb494f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 3242
start_va = 0x7fefb4a0000
end_va = 0x7fefb4abfff
monitored = 0
entry_point = 0x7fefb4a15d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 3243
start_va = 0x7fefb4b0000
end_va = 0x7fefb4bffff
monitored = 0
entry_point = 0x7fefb4b835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 3244
start_va = 0x7fefb4c0000
end_va = 0x7fefb4d8fff
monitored = 0
entry_point = 0x7fefb4c11a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 3245
start_va = 0x7fefb610000
end_va = 0x7fefb646fff
monitored = 0
entry_point = 0x7fefb618424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 3246
start_va = 0x7fefb680000
end_va = 0x7fefb694fff
monitored = 0
entry_point = 0x7fefb6860d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 3247
start_va = 0x7fefb6a0000
end_va = 0x7fefb761fff
monitored = 0
entry_point = 0x7fefb6a101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 3248
start_va = 0x7fefb820000
end_va = 0x7fefb84cfff
monitored = 0
entry_point = 0x7fefb821010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3249
start_va = 0x7fefb9a0000
end_va = 0x7fefb9a8fff
monitored = 0
entry_point = 0x7fefb9a1010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 3250
start_va = 0x7fefb9b0000
end_va = 0x7fefb9ccfff
monitored = 0
entry_point = 0x7fefb9b2f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 3251
start_va = 0x7fefbad0000
end_va = 0x7fefbae4fff
monitored = 0
entry_point = 0x7fefbad1050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3252
start_va = 0x7fefbaf0000
end_va = 0x7fefbafbfff
monitored = 0
entry_point = 0x7fefbaf18a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3253
start_va = 0x7fefbb00000
end_va = 0x7fefbb15fff
monitored = 0
entry_point = 0x7fefbb011a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3254
start_va = 0x7fefbc30000
end_va = 0x7fefbc40fff
monitored = 0
entry_point = 0x7fefbc31070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3255
start_va = 0x7fefbd90000
end_va = 0x7fefbdc4fff
monitored = 0
entry_point = 0x7fefbd91064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 3256
start_va = 0x7fefc200000
end_va = 0x7fefc255fff
monitored = 0
entry_point = 0x7fefc20bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3257
start_va = 0x7fefc260000
end_va = 0x7fefc38bfff
monitored = 0
entry_point = 0x7fefc2694bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 3258
start_va = 0x7fefc390000
end_va = 0x7fefc3acfff
monitored = 0
entry_point = 0x7fefc391ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 3259
start_va = 0x7fefc3e0000
end_va = 0x7fefc5d3fff
monitored = 0
entry_point = 0x7fefc56c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 3260
start_va = 0x7fefca70000
end_va = 0x7fefca7bfff
monitored = 0
entry_point = 0x7fefca71064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3261
start_va = 0x7fefcb40000
end_va = 0x7fefcb46fff
monitored = 0
entry_point = 0x7fefcb414b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 3262
start_va = 0x7fefcc00000
end_va = 0x7fefcc0cfff
monitored = 0
entry_point = 0x7fefcc01348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 3263
start_va = 0x7fefcc40000
end_va = 0x7fefcc5afff
monitored = 0
entry_point = 0x7fefcc42068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 3264
start_va = 0x7fefcc60000
end_va = 0x7fefcc7dfff
monitored = 0
entry_point = 0x7fefcc613b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 3265
start_va = 0x7fefcd30000
end_va = 0x7fefcd68fff
monitored = 0
entry_point = 0x7fefcd3c0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 3266
start_va = 0x7fefcd70000
end_va = 0x7fefcd79fff
monitored = 0
entry_point = 0x7fefcd73cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 3267
start_va = 0x7fefcea0000
end_va = 0x7fefcee6fff
monitored = 0
entry_point = 0x7fefcea1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3268
start_va = 0x7fefcf90000
end_va = 0x7fefcfbffff
monitored = 0
entry_point = 0x7fefcf9194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 3269
start_va = 0x7fefd130000
end_va = 0x7fefd136fff
monitored = 0
entry_point = 0x7fefd13142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 3270
start_va = 0x7fefd140000
end_va = 0x7fefd194fff
monitored = 0
entry_point = 0x7fefd141054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 3271
start_va = 0x7fefd1a0000
end_va = 0x7fefd1b7fff
monitored = 0
entry_point = 0x7fefd1a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3272
start_va = 0x7fefd2b0000
end_va = 0x7fefd2e1fff
monitored = 0
entry_point = 0x7fefd2b144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 3273
start_va = 0x7fefd370000
end_va = 0x7fefd39efff
monitored = 0
entry_point = 0x7fefd371064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 3274
start_va = 0x7fefd3c0000
end_va = 0x7fefd3c9fff
monitored = 0
entry_point = 0x7fefd3c3b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 3275
start_va = 0x7fefd3d0000
end_va = 0x7fefd43cfff
monitored = 0
entry_point = 0x7fefd3d1010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 3276
start_va = 0x7fefd460000
end_va = 0x7fefd482fff
monitored = 0
entry_point = 0x7fefd461198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3277
start_va = 0x7fefd730000
end_va = 0x7fefd73afff
monitored = 0
entry_point = 0x7fefd731030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 3278
start_va = 0x7fefd770000
end_va = 0x7fefd794fff
monitored = 0
entry_point = 0x7fefd779658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3279
start_va = 0x7fefd7a0000
end_va = 0x7fefd7aefff
monitored = 0
entry_point = 0x7fefd7a1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3280
start_va = 0x7fefd7b0000
end_va = 0x7fefd840fff
monitored = 0
entry_point = 0x7fefd7b1440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 3281
start_va = 0x7fefd850000
end_va = 0x7fefd88cfff
monitored = 0
entry_point = 0x7fefd8518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3282
start_va = 0x7fefd890000
end_va = 0x7fefd8a3fff
monitored = 0
entry_point = 0x7fefd8910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3283
start_va = 0x7fefd8b0000
end_va = 0x7fefd8befff
monitored = 0
entry_point = 0x7fefd8b19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3284
start_va = 0x7fefd950000
end_va = 0x7fefd95efff
monitored = 0
entry_point = 0x7fefd951020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3285
start_va = 0x7fefd960000
end_va = 0x7fefd99afff
monitored = 0
entry_point = 0x7fefd961324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 3286
start_va = 0x7fefd9a0000
end_va = 0x7fefda0bfff
monitored = 0
entry_point = 0x7fefd9a2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3287
start_va = 0x7fefda10000
end_va = 0x7fefda29fff
monitored = 0
entry_point = 0x7fefda11558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3288
start_va = 0x7fefda30000
end_va = 0x7fefdb9cfff
monitored = 0
entry_point = 0x7fefda310b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3289
start_va = 0x7fefdba0000
end_va = 0x7fefdbd5fff
monitored = 0
entry_point = 0x7fefdba1474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3290
start_va = 0x7fefddb0000
end_va = 0x7fefde86fff
monitored = 0
entry_point = 0x7fefddb3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3291
start_va = 0x7fefdf10000
end_va = 0x7fefdf1dfff
monitored = 0
entry_point = 0x7fefdf11080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3292
start_va = 0x7fefdf20000
end_va = 0x7fefdfbefff
monitored = 0
entry_point = 0x7fefdf225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3293
start_va = 0x7fefdfc0000
end_va = 0x7fefe0c8fff
monitored = 0
entry_point = 0x7fefdfc1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3294
start_va = 0x7fefe0d0000
end_va = 0x7fefe1fcfff
monitored = 0
entry_point = 0x7fefe11ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3295
start_va = 0x7fefe200000
end_va = 0x7fefe298fff
monitored = 0
entry_point = 0x7fefe201c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3296
start_va = 0x7fefe2a0000
end_va = 0x7feff027fff
monitored = 0
entry_point = 0x7fefe31cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3297
start_va = 0x7feff030000
end_va = 0x7feff07cfff
monitored = 0
entry_point = 0x7feff031070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3298
start_va = 0x7feff080000
end_va = 0x7feff0f0fff
monitored = 0
entry_point = 0x7feff091e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3299
start_va = 0x7feff100000
end_va = 0x7feff166fff
monitored = 0
entry_point = 0x7feff10b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3300
start_va = 0x7feff170000
end_va = 0x7feff24afff
monitored = 0
entry_point = 0x7feff190760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3301
start_va = 0x7feff630000
end_va = 0x7feff64efff
monitored = 0
entry_point = 0x7feff6360e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3302
start_va = 0x7feff650000
end_va = 0x7feff657fff
monitored = 0
entry_point = 0x7feff651504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3303
start_va = 0x7feff660000
end_va = 0x7feff836fff
monitored = 0
entry_point = 0x7feff661010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3304
start_va = 0x7feff860000
end_va = 0x7feffa62fff
monitored = 0
entry_point = 0x7feff883330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3305
start_va = 0x7feffb10000
end_va = 0x7feffb61fff
monitored = 0
entry_point = 0x7feffb110d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3306
start_va = 0x7feffb70000
end_va = 0x7feffc38fff
monitored = 0
entry_point = 0x7feffbea874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3307
start_va = 0x7feffc40000
end_va = 0x7feffc6dfff
monitored = 0
entry_point = 0x7feffc41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3308
start_va = 0x7feffc80000
end_va = 0x7feffc80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3309
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 3310
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 3311
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 3312
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 3313
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 3314
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 3315
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 3316
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 3317
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 3318
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 3319
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 3320
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 3321
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 3322
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 3323
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 3324
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3325
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 3326
start_va = 0x7fffffd6000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 3327
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 3328
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3329
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3330
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3334
start_va = 0x1b80000
end_va = 0x1bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 3335
start_va = 0x7fef8a70000
end_va = 0x7fef8aa9fff
monitored = 0
entry_point = 0x7fef8a8d020
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 3336
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 3337
start_va = 0x7fef8820000
end_va = 0x7fef8896fff
monitored = 0
entry_point = 0x7fef885e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 3338
start_va = 0x7fefd2f0000
end_va = 0x7fefd311fff
monitored = 0
entry_point = 0x7fefd2f5d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 3339
start_va = 0x1e60000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 3340
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 3341
start_va = 0x7fef8730000
end_va = 0x7fef876cfff
monitored = 0
entry_point = 0x7fef8731070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 3342
start_va = 0x7fefb3a0000
end_va = 0x7fefb3c6fff
monitored = 0
entry_point = 0x7fefb3a98bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3343
start_va = 0x7fefb390000
end_va = 0x7fefb39afff
monitored = 0
entry_point = 0x7fefb391198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3344
start_va = 0x7fef8700000
end_va = 0x7fef8724fff
monitored = 0
entry_point = 0x7fef8718c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 3345
start_va = 0x742b0000
end_va = 0x742b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll"
filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll")
Region:
id = 3346
start_va = 0x850000
end_va = 0x87ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll.mui"
filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui")
Region:
id = 3347
start_va = 0x1a50000
end_va = 0x1acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a50000"
filename = ""
Region:
id = 3348
start_va = 0x7fef8470000
end_va = 0x7fef8501fff
monitored = 0
entry_point = 0x7fef84e51ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 3349
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 3350
start_va = 0x7fefca80000
end_va = 0x7fefcb3afff
monitored = 0
entry_point = 0x7fefca86de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 3351
start_va = 0x7fefb0a0000
end_va = 0x7fefb0f2fff
monitored = 0
entry_point = 0x7fefb0a2b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 3352
start_va = 0x7fefb850000
end_va = 0x7fefb860fff
monitored = 0
entry_point = 0x7fefb8514c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 3353
start_va = 0x7fef82f0000
end_va = 0x7fef8331fff
monitored = 0
entry_point = 0x7fef82f17e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 3354
start_va = 0x7fef8190000
end_va = 0x7fef81d6fff
monitored = 0
entry_point = 0x7fef8191040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 3355
start_va = 0x1ee0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 3356
start_va = 0x1ee0000
end_va = 0x1fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 3357
start_va = 0x20a0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020a0000"
filename = ""
Region:
id = 3358
start_va = 0x1ee0000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 3359
start_va = 0x1fd0000
end_va = 0x1fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fd0000"
filename = ""
Region:
id = 3360
start_va = 0x7fef88c0000
end_va = 0x7fef8a6ffff
monitored = 0
entry_point = 0x7fef88c1010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 3361
start_va = 0x7fefb270000
end_va = 0x7fefb286fff
monitored = 0
entry_point = 0x7fefb271060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 3362
start_va = 0x850000
end_va = 0x857fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 3363
start_va = 0x21b0000
end_va = 0x222ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021b0000"
filename = ""
Region:
id = 3364
start_va = 0x7fefbab0000
end_va = 0x7fefbac3fff
monitored = 0
entry_point = 0x7fefbab16b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 3365
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 3366
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3367
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3368
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3369
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3370
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3371
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3372
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3373
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3374
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3375
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3376
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3377
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3378
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3379
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3380
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3381
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3382
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3383
start_va = 0x7fef8180000
end_va = 0x7fef8187fff
monitored = 0
entry_point = 0x7fef8181020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 3390
start_va = 0x7fef8050000
end_va = 0x7fef817bfff
monitored = 0
entry_point = 0x7fef8100ef0
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 3391
start_va = 0x7fef7fe0000
end_va = 0x7fef8041fff
monitored = 0
entry_point = 0x7fef801bd80
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 3392
start_va = 0x7fef8210000
end_va = 0x7fef82e2fff
monitored = 0
entry_point = 0x7fef8288b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 3393
start_va = 0x7fef81e0000
end_va = 0x7fef8206fff
monitored = 0
entry_point = 0x7fef81e11a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 3394
start_va = 0x2120000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 3395
start_va = 0x7fef7f90000
end_va = 0x7fef7fdffff
monitored = 0
entry_point = 0x7fef7f91190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 3396
start_va = 0x7fefd440000
end_va = 0x7fefd453fff
monitored = 0
entry_point = 0x7fefd444160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 3397
start_va = 0x7fef7f70000
end_va = 0x7fef7f88fff
monitored = 0
entry_point = 0x7fef7f71104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 3398
start_va = 0x7fef7f50000
end_va = 0x7fef7f62fff
monitored = 0
entry_point = 0x7fef7f51d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 3399
start_va = 0x1a30000
end_va = 0x1aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a30000"
filename = ""
Region:
id = 3400
start_va = 0x1db0000
end_va = 0x1e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001db0000"
filename = ""
Region:
id = 3401
start_va = 0x1fe0000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 3402
start_va = 0x2300000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 3403
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 3404
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 3405
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 3406
start_va = 0x7fef7f20000
end_va = 0x7fef7f40fff
monitored = 0
entry_point = 0x7fef7f303b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 3407
start_va = 0x2410000
end_va = 0x248ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002410000"
filename = ""
Region:
id = 3408
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 3409
start_va = 0x2490000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 3410
start_va = 0x2490000
end_va = 0x262ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 3411
start_va = 0x2680000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 3412
start_va = 0x2120000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002120000"
filename = ""
Region:
id = 3413
start_va = 0x2240000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 3414
start_va = 0x2700000
end_va = 0x289ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 3415
start_va = 0x2790000
end_va = 0x280ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 3416
start_va = 0x2820000
end_va = 0x289ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3417
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 3418
start_va = 0x7fef7e90000
end_va = 0x7fef7f13fff
monitored = 0
entry_point = 0x7fef7ee1118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 3419
start_va = 0x10e0000
end_va = 0x113ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 3420
start_va = 0x2490000
end_va = 0x258ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 3421
start_va = 0x25b0000
end_va = 0x262ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 3422
start_va = 0x7fefb070000
end_va = 0x7fefb080fff
monitored = 0
entry_point = 0x7fefb0716ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 3423
start_va = 0x28a0000
end_va = 0x2a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 3424
start_va = 0x7fef7e20000
end_va = 0x7fef7e8afff
monitored = 0
entry_point = 0x7fef7e64344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 3425
start_va = 0x2a40000
end_va = 0x2abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a40000"
filename = ""
Region:
id = 3426
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 3427
start_va = 0x7fef7dc0000
end_va = 0x7fef7e19fff
monitored = 0
entry_point = 0x7fef7dfdde0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 3428
start_va = 0x7fefcc80000
end_va = 0x7fefcc91fff
monitored = 0
entry_point = 0x7fefcc81060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 3429
start_va = 0x7fefa8a0000
end_va = 0x7fefa8adfff
monitored = 0
entry_point = 0x7fefa8a5500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 3430
start_va = 0x28a0000
end_va = 0x299ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 3431
start_va = 0x2a30000
end_va = 0x2a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a30000"
filename = ""
Region:
id = 3432
start_va = 0x7fefaff0000
end_va = 0x7fefb007fff
monitored = 0
entry_point = 0x7fefaff1bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 3433
start_va = 0x2be0000
end_va = 0x2c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 3434
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 3435
start_va = 0x7fef7cb0000
end_va = 0x7fef7cc9fff
monitored = 0
entry_point = 0x7fef7cc3fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 3436
start_va = 0x2b00000
end_va = 0x2b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 3437
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 3438
start_va = 0x15f0000
end_va = 0x166ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015f0000"
filename = ""
Region:
id = 3439
start_va = 0x2c60000
end_va = 0x2cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 3440
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 3441
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 3442
start_va = 0x2de0000
end_va = 0x2e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002de0000"
filename = ""
Region:
id = 3443
start_va = 0x7fef9340000
end_va = 0x7fef93b3fff
monitored = 0
entry_point = 0x7fef93466f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 3444
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 3445
start_va = 0x7fefcfc0000
end_va = 0x7fefd01afff
monitored = 0
entry_point = 0x7fefcfc6940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3446
start_va = 0x2e60000
end_va = 0x304ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e60000"
filename = ""
Region:
id = 3447
start_va = 0x3050000
end_va = 0x324ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003050000"
filename = ""
Region:
id = 3448
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3449
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3450
start_va = 0x7fefa950000
end_va = 0x7fefa957fff
monitored = 0
entry_point = 0x7fefa951414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 3451
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3452
start_va = 0x3250000
end_va = 0x364ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003250000"
filename = ""
Region:
id = 3454
start_va = 0x7fef7100000
end_va = 0x7fef710bfff
monitored = 0
entry_point = 0x7fef710602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 3455
start_va = 0x2d20000
end_va = 0x2d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d20000"
filename = ""
Region:
id = 3456
start_va = 0x2f10000
end_va = 0x2f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 3457
start_va = 0x2fd0000
end_va = 0x304ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fd0000"
filename = ""
Region:
id = 3458
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 3459
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 3460
start_va = 0x2e60000
end_va = 0x2edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e60000"
filename = ""
Region:
id = 3461
start_va = 0x3750000
end_va = 0x37cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003750000"
filename = ""
Region:
id = 3462
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 3463
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 3464
start_va = 0x3800000
end_va = 0x387ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 3465
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 3466
start_va = 0x3880000
end_va = 0x407ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003880000"
filename = ""
Region:
id = 3467
start_va = 0x3670000
end_va = 0x36effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003670000"
filename = ""
Region:
id = 3468
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 3469
start_va = 0x4200000
end_va = 0x427ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004200000"
filename = ""
Region:
id = 3470
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 3471
start_va = 0x4290000
end_va = 0x430ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004290000"
filename = ""
Region:
id = 3472
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 3473
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 3474
start_va = 0x4310000
end_va = 0x52dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004310000"
filename = ""
Region:
id = 3475
start_va = 0x4080000
end_va = 0x417ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004080000"
filename = ""
Region:
id = 3476
start_va = 0x7fef7040000
end_va = 0x7fef70f4fff
monitored = 0
entry_point = 0x7fef70bcf80
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 3477
start_va = 0x7fef7020000
end_va = 0x7fef7031fff
monitored = 0
entry_point = 0x7fef70289d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 3478
start_va = 0x860000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000860000"
filename = ""
Region:
id = 3479
start_va = 0x4180000
end_va = 0x41fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004180000"
filename = ""
Region:
id = 3480
start_va = 0x7fffff64000
end_va = 0x7fffff65fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff64000"
filename = ""
Region:
id = 3481
start_va = 0x7fef6fa0000
end_va = 0x7fef7010fff
monitored = 0
entry_point = 0x7fef6fe51d0
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 3482
start_va = 0x5300000
end_va = 0x537ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005300000"
filename = ""
Region:
id = 3483
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 3594
start_va = 0x53e0000
end_va = 0x545ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000053e0000"
filename = ""
Region:
id = 3595
start_va = 0x54a0000
end_va = 0x551ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000054a0000"
filename = ""
Region:
id = 3596
start_va = 0x5580000
end_va = 0x55fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005580000"
filename = ""
Region:
id = 3597
start_va = 0x5700000
end_va = 0x577ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005700000"
filename = ""
Region:
id = 3598
start_va = 0x7fffff5a000
end_va = 0x7fffff5bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5a000"
filename = ""
Region:
id = 3599
start_va = 0x7fffff5c000
end_va = 0x7fffff5dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5c000"
filename = ""
Region:
id = 3600
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 3601
start_va = 0x7fffff60000
end_va = 0x7fffff61fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff60000"
filename = ""
Region:
id = 3606
start_va = 0x890000
end_va = 0x8a5fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 3633
start_va = 0x890000
end_va = 0x8abfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 3695
start_va = 0x870000
end_va = 0x87ffff
monitored = 0
entry_point = 0x873e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 3696
start_va = 0x8b0000
end_va = 0x8b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 3794
start_va = 0x870000
end_va = 0x87ffff
monitored = 0
entry_point = 0x873e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 3795
start_va = 0x8b0000
end_va = 0x8b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 3796
start_va = 0x870000
end_va = 0x87ffff
monitored = 0
entry_point = 0x873e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 3797
start_va = 0x8b0000
end_va = 0x8b3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 3799
start_va = 0x7fef5910000
end_va = 0x7fef59fdfff
monitored = 0
entry_point = 0x7fef59112a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Thread:
id = 122
os_tid = 0x46c
Thread:
id = 123
os_tid = 0x444
Thread:
id = 124
os_tid = 0x440
Thread:
id = 125
os_tid = 0x43c
Thread:
id = 126
os_tid = 0x438
Thread:
id = 127
os_tid = 0x140
Thread:
id = 128
os_tid = 0x340
Thread:
id = 129
os_tid = 0x430
Thread:
id = 130
os_tid = 0x428
Thread:
id = 131
os_tid = 0x134
Thread:
id = 132
os_tid = 0x3fc
Thread:
id = 133
os_tid = 0x3dc
Thread:
id = 134
os_tid = 0x3c0
Thread:
id = 135
os_tid = 0x3bc
Thread:
id = 136
os_tid = 0x364
Thread:
id = 137
os_tid = 0x358
Thread:
id = 138
os_tid = 0x354
Thread:
id = 139
os_tid = 0x350
Thread:
id = 140
os_tid = 0x34c
Thread:
id = 141
os_tid = 0x348
Thread:
id = 142
os_tid = 0x5dc
Thread:
id = 143
os_tid = 0x5fc
Thread:
id = 144
os_tid = 0x614
Thread:
id = 145
os_tid = 0x61c
Thread:
id = 146
os_tid = 0x628
Thread:
id = 147
os_tid = 0x62c
Thread:
id = 148
os_tid = 0x634
Thread:
id = 149
os_tid = 0x638
Thread:
id = 150
os_tid = 0x640
Thread:
id = 151
os_tid = 0x64c
Thread:
id = 152
os_tid = 0x650
Thread:
id = 153
os_tid = 0x654
Thread:
id = 154
os_tid = 0x658
Thread:
id = 155
os_tid = 0x65c
Thread:
id = 156
os_tid = 0x660
Thread:
id = 157
os_tid = 0x664
Thread:
id = 158
os_tid = 0x6c4
Thread:
id = 159
os_tid = 0x6c8
Thread:
id = 160
os_tid = 0x6d0
Thread:
id = 161
os_tid = 0x6d4
Thread:
id = 162
os_tid = 0x6d8
Thread:
id = 163
os_tid = 0x6e4
Thread:
id = 164
os_tid = 0x6e8
Thread:
id = 165
os_tid = 0x70c
Thread:
id = 166
os_tid = 0x71c
Thread:
id = 167
os_tid = 0x720
Thread:
id = 168
os_tid = 0x724
Thread:
id = 169
os_tid = 0x728
Thread:
id = 170
os_tid = 0x72c
Thread:
id = 171
os_tid = 0x730
Thread:
id = 191
os_tid = 0x784
Process:
id = "12"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x287b8000"
os_pid = "0x23c"
os_integrity_level = "0x4000"
os_privileges = "0x60b00080"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x1bc"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00007c36" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 3484
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3485
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 3486
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3487
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3488
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3489
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3490
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3491
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 3492
start_va = 0x1e0000
end_va = 0x1ecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 3493
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 3494
start_va = 0x200000
end_va = 0x200fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 3495
start_va = 0x210000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 3496
start_va = 0x290000
end_va = 0x290fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 3497
start_va = 0x2a0000
end_va = 0x2a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002a0000"
filename = ""
Region:
id = 3498
start_va = 0x2b0000
end_va = 0x2b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002b0000"
filename = ""
Region:
id = 3499
start_va = 0x300000
end_va = 0x30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 3500
start_va = 0x310000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 3501
start_va = 0x490000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 3502
start_va = 0x510000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 3503
start_va = 0x620000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 3504
start_va = 0x730000
end_va = 0x9fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3505
start_va = 0xa00000
end_va = 0xb87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 3506
start_va = 0xb90000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 3507
start_va = 0xd60000
end_va = 0xddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Region:
id = 3508
start_va = 0xdf0000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000df0000"
filename = ""
Region:
id = 3509
start_va = 0xe50000
end_va = 0xecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3510
start_va = 0xef0000
end_va = 0xf6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3511
start_va = 0xf90000
end_va = 0x100ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 3512
start_va = 0x10b0000
end_va = 0x11affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 3513
start_va = 0x1240000
end_va = 0x12bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001240000"
filename = ""
Region:
id = 3514
start_va = 0x1310000
end_va = 0x138ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 3515
start_va = 0x1390000
end_va = 0x140ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001390000"
filename = ""
Region:
id = 3516
start_va = 0x14a0000
end_va = 0x151ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014a0000"
filename = ""
Region:
id = 3517
start_va = 0x1520000
end_va = 0x161ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001520000"
filename = ""
Region:
id = 3518
start_va = 0x1670000
end_va = 0x16effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 3519
start_va = 0x1730000
end_va = 0x17affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001730000"
filename = ""
Region:
id = 3520
start_va = 0x17c0000
end_va = 0x183ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017c0000"
filename = ""
Region:
id = 3521
start_va = 0x1850000
end_va = 0x18cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001850000"
filename = ""
Region:
id = 3522
start_va = 0x18d0000
end_va = 0x19cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018d0000"
filename = ""
Region:
id = 3523
start_va = 0x1a20000
end_va = 0x1a9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a20000"
filename = ""
Region:
id = 3524
start_va = 0x77740000
end_va = 0x77839fff
monitored = 0
entry_point = 0x7775a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3525
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3526
start_va = 0x77960000
end_va = 0x77b08fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3527
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3528
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3529
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3530
start_va = 0xff7c0000
end_va = 0xff7cafff
monitored = 0
entry_point = 0xff7c246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 3531
start_va = 0x7fef7f20000
end_va = 0x7fef7f40fff
monitored = 0
entry_point = 0x7fef7f303b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 3532
start_va = 0x7fef7f50000
end_va = 0x7fef7f62fff
monitored = 0
entry_point = 0x7fef7f51d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 3533
start_va = 0x7fef81e0000
end_va = 0x7fef8206fff
monitored = 0
entry_point = 0x7fef81e11a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 3534
start_va = 0x7fef8210000
end_va = 0x7fef82e2fff
monitored = 0
entry_point = 0x7fef8288b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 3535
start_va = 0x7fef8340000
end_va = 0x7fef8371fff
monitored = 0
entry_point = 0x7fef835ca90
region_type = mapped_file
name = "wmidcprv.dll"
filename = "\\Windows\\System32\\wbem\\WmiDcPrv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll")
Region:
id = 3536
start_va = 0x7fef8820000
end_va = 0x7fef8896fff
monitored = 0
entry_point = 0x7fef885e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 3537
start_va = 0x7fefa8a0000
end_va = 0x7fefa8adfff
monitored = 0
entry_point = 0x7fefa8a5500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 3538
start_va = 0x7fefb820000
end_va = 0x7fefb84cfff
monitored = 0
entry_point = 0x7fefb821010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3539
start_va = 0x7fefcb70000
end_va = 0x7fefcbf0fff
monitored = 0
entry_point = 0x7fefcb7cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3540
start_va = 0x7fefcc00000
end_va = 0x7fefcc0cfff
monitored = 0
entry_point = 0x7fefcc01348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 3541
start_va = 0x7fefcc10000
end_va = 0x7fefcc3bfff
monitored = 0
entry_point = 0x7fefcc11860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 3542
start_va = 0x7fefcc40000
end_va = 0x7fefcc5afff
monitored = 0
entry_point = 0x7fefcc42068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 3543
start_va = 0x7fefcc60000
end_va = 0x7fefcc7dfff
monitored = 0
entry_point = 0x7fefcc613b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 3544
start_va = 0x7fefcc80000
end_va = 0x7fefcc91fff
monitored = 0
entry_point = 0x7fefcc81060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 3545
start_va = 0x7fefcca0000
end_va = 0x7fefccbefff
monitored = 0
entry_point = 0x7fefcca5c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 3546
start_va = 0x7fefccc0000
end_va = 0x7fefcd26fff
monitored = 0
entry_point = 0x7fefcccd320
region_type = mapped_file
name = "umpnpmgr.dll"
filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")
Region:
id = 3547
start_va = 0x7fefcd70000
end_va = 0x7fefcd79fff
monitored = 0
entry_point = 0x7fefcd73cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 3548
start_va = 0x7fefcea0000
end_va = 0x7fefcee6fff
monitored = 0
entry_point = 0x7fefcea1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3549
start_va = 0x7fefd1a0000
end_va = 0x7fefd1b7fff
monitored = 0
entry_point = 0x7fefd1a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3550
start_va = 0x7fefd2f0000
end_va = 0x7fefd311fff
monitored = 0
entry_point = 0x7fefd2f5d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 3551
start_va = 0x7fefd770000
end_va = 0x7fefd794fff
monitored = 0
entry_point = 0x7fefd779658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3552
start_va = 0x7fefd7a0000
end_va = 0x7fefd7aefff
monitored = 0
entry_point = 0x7fefd7a1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3553
start_va = 0x7fefd850000
end_va = 0x7fefd88cfff
monitored = 0
entry_point = 0x7fefd8518f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3554
start_va = 0x7fefd890000
end_va = 0x7fefd8a3fff
monitored = 0
entry_point = 0x7fefd8910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3555
start_va = 0x7fefd8b0000
end_va = 0x7fefd8befff
monitored = 0
entry_point = 0x7fefd8b19b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3556
start_va = 0x7fefd9a0000
end_va = 0x7fefda0bfff
monitored = 0
entry_point = 0x7fefd9a2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3557
start_va = 0x7fefda10000
end_va = 0x7fefda29fff
monitored = 0
entry_point = 0x7fefda11558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3558
start_va = 0x7fefdba0000
end_va = 0x7fefdbd5fff
monitored = 0
entry_point = 0x7fefdba1474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3559
start_va = 0x7fefddb0000
end_va = 0x7fefde86fff
monitored = 0
entry_point = 0x7fefddb3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3560
start_va = 0x7fefdf10000
end_va = 0x7fefdf1dfff
monitored = 0
entry_point = 0x7fefdf11080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3561
start_va = 0x7fefdf20000
end_va = 0x7fefdfbefff
monitored = 0
entry_point = 0x7fefdf225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3562
start_va = 0x7fefdfc0000
end_va = 0x7fefe0c8fff
monitored = 0
entry_point = 0x7fefdfc1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3563
start_va = 0x7fefe0d0000
end_va = 0x7fefe1fcfff
monitored = 0
entry_point = 0x7fefe11ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3564
start_va = 0x7fefe200000
end_va = 0x7fefe298fff
monitored = 0
entry_point = 0x7fefe201c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3565
start_va = 0x7feff030000
end_va = 0x7feff07cfff
monitored = 0
entry_point = 0x7feff031070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3566
start_va = 0x7feff100000
end_va = 0x7feff166fff
monitored = 0
entry_point = 0x7feff10b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3567
start_va = 0x7feff170000
end_va = 0x7feff24afff
monitored = 0
entry_point = 0x7feff190760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3568
start_va = 0x7feff630000
end_va = 0x7feff64efff
monitored = 0
entry_point = 0x7feff6360e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3569
start_va = 0x7feff650000
end_va = 0x7feff657fff
monitored = 0
entry_point = 0x7feff651504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3570
start_va = 0x7feff660000
end_va = 0x7feff836fff
monitored = 0
entry_point = 0x7feff661010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3571
start_va = 0x7feff860000
end_va = 0x7feffa62fff
monitored = 0
entry_point = 0x7feff883330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3572
start_va = 0x7feffb10000
end_va = 0x7feffb61fff
monitored = 0
entry_point = 0x7feffb110d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3573
start_va = 0x7feffb70000
end_va = 0x7feffc38fff
monitored = 0
entry_point = 0x7feffbea874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3574
start_va = 0x7feffc40000
end_va = 0x7feffc6dfff
monitored = 0
entry_point = 0x7feffc41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3575
start_va = 0x7feffc80000
end_va = 0x7feffc80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3576
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 3577
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 3578
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 3579
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 3580
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 3581
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 3582
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 3583
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 3584
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 3585
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3586
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3587
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 3588
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 3589
start_va = 0x7fffffd9000
end_va = 0x7fffffdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 3590
start_va = 0x7fffffdb000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdb000"
filename = ""
Region:
id = 3591
start_va = 0x7fffffdd000
end_va = 0x7fffffdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdd000"
filename = ""
Region:
id = 3592
start_va = 0x7fffffdf000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdf000"
filename = ""
Region:
id = 3593
start_va = 0x2c0000
end_va = 0x2cbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 3602
start_va = 0x7fefd960000
end_va = 0x7fefd99afff
monitored = 0
entry_point = 0x7fefd961324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 3603
start_va = 0x7fefda30000
end_va = 0x7fefdb9cfff
monitored = 0
entry_point = 0x7fefda310b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3604
start_va = 0x7fefd950000
end_va = 0x7fefd95efff
monitored = 0
entry_point = 0x7fefd951020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3798
start_va = 0x7fefbc30000
end_va = 0x7fefbc40fff
monitored = 0
entry_point = 0x7fefbc31070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3800
start_va = 0xff5a0000
end_va = 0xff5a6fff
monitored = 0
entry_point = 0xff5a124c
region_type = mapped_file
name = "dllhost.exe"
filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe")
Region:
id = 3878
start_va = 0x2c0000
end_va = 0x2e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hdaudio.pnf"
filename = "\\Windows\\inf\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf")
Region:
id = 3879
start_va = 0x2c0000
end_va = 0x2e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hdaudio.pnf"
filename = "\\Windows\\inf\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf")
Region:
id = 3880
start_va = 0x2c0000
end_va = 0x2e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hdaudio.pnf"
filename = "\\Windows\\inf\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf")
Region:
id = 3881
start_va = 0x2c0000
end_va = 0x2e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hdaudio.pnf"
filename = "\\Windows\\inf\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf")
Region:
id = 3882
start_va = 0x2c0000
end_va = 0x2e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hdaudio.pnf"
filename = "\\Windows\\inf\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf")
Thread:
id = 172
os_tid = 0x618
Thread:
id = 173
os_tid = 0x608
Thread:
id = 174
os_tid = 0x314
Thread:
id = 175
os_tid = 0x29c
Thread:
id = 176
os_tid = 0x298
Thread:
id = 177
os_tid = 0x294
Thread:
id = 178
os_tid = 0x270
Thread:
id = 179
os_tid = 0x26c
Thread:
id = 180
os_tid = 0x268
Thread:
id = 181
os_tid = 0x264
Thread:
id = 182
os_tid = 0x260
Thread:
id = 183
os_tid = 0x254
Thread:
id = 184
os_tid = 0x24c
Thread:
id = 185
os_tid = 0x248
Thread:
id = 186
os_tid = 0x240
Process:
id = "13"
image_name = "dllhost.exe"
filename = "c:\\windows\\system32\\dllhost.exe"
page_root = "0x182b8000"
os_pid = "0x49c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "12"
os_parent_pid = "0x23c"
cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fab9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3801
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3802
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3803
start_va = 0x150000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 3804
start_va = 0x77960000
end_va = 0x77b08fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3805
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 3806
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3807
start_va = 0xff5a0000
end_va = 0xff5a6fff
monitored = 0
entry_point = 0xff5a124c
region_type = mapped_file
name = "dllhost.exe"
filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe")
Region:
id = 3808
start_va = 0x7feffc80000
end_va = 0x7feffc80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3809
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3810
start_va = 0x7fffffd9000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd9000"
filename = ""
Region:
id = 3811
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3812
start_va = 0x250000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 3813
start_va = 0x77840000
end_va = 0x7795efff
monitored = 0
entry_point = 0x77855340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3814
start_va = 0x7fefd9a0000
end_va = 0x7fefda0bfff
monitored = 0
entry_point = 0x7fefd9a2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3815
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3816
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3817
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3818
start_va = 0x40000
end_va = 0xa6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3819
start_va = 0x7fefdf20000
end_va = 0x7fefdfbefff
monitored = 0
entry_point = 0x7fefdf225a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3820
start_va = 0x7feff860000
end_va = 0x7feffa62fff
monitored = 0
entry_point = 0x7feff883330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3821
start_va = 0x7feff100000
end_va = 0x7feff166fff
monitored = 0
entry_point = 0x7feff10b03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3822
start_va = 0x77740000
end_va = 0x77839fff
monitored = 0
entry_point = 0x7775a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3823
start_va = 0x7fefdf10000
end_va = 0x7fefdf1dfff
monitored = 0
entry_point = 0x7fefdf11080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3824
start_va = 0x7feffb70000
end_va = 0x7feffc38fff
monitored = 0
entry_point = 0x7feffbea874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3825
start_va = 0x7fefe0d0000
end_va = 0x7fefe1fcfff
monitored = 0
entry_point = 0x7fefe11ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3826
start_va = 0xb0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3827
start_va = 0x370000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 3828
start_va = 0x470000
end_va = 0x5f7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3829
start_va = 0xb0000
end_va = 0xd8fff
monitored = 0
entry_point = 0xb1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3830
start_va = 0xe0000
end_va = 0xeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 3831
start_va = 0xb0000
end_va = 0xd8fff
monitored = 0
entry_point = 0xb1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3832
start_va = 0x7feffc40000
end_va = 0x7feffc6dfff
monitored = 0
entry_point = 0x7feffc41010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3833
start_va = 0x7fefdfc0000
end_va = 0x7fefe0c8fff
monitored = 0
entry_point = 0x7fefdfc1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3834
start_va = 0x600000
end_va = 0x780fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 3835
start_va = 0x790000
end_va = 0x1b8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000790000"
filename = ""
Region:
id = 3836
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3837
start_va = 0xb0000
end_va = 0xb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3838
start_va = 0x1b90000
end_va = 0x1c0cfff
monitored = 0
entry_point = 0x1b9cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3839
start_va = 0x1b90000
end_va = 0x1c0cfff
monitored = 0
entry_point = 0x1b9cec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3840
start_va = 0x7fefd7a0000
end_va = 0x7fefd7aefff
monitored = 0
entry_point = 0x7fefd7a1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3841
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 3842
start_va = 0x7fefe200000
end_va = 0x7fefe298fff
monitored = 0
entry_point = 0x7fefe201c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3843
start_va = 0x7feff170000
end_va = 0x7feff24afff
monitored = 0
entry_point = 0x7feff190760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3844
start_va = 0x7feff630000
end_va = 0x7feff64efff
monitored = 0
entry_point = 0x7feff6360e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3845
start_va = 0x7fefddb0000
end_va = 0x7fefde86fff
monitored = 0
entry_point = 0x7fefddb3274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3846
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 3847
start_va = 0x1c70000
end_va = 0x1d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c70000"
filename = ""
Region:
id = 3848
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3849
start_va = 0x1d90000
end_va = 0x1e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 3850
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3851
start_va = 0x7fefd1a0000
end_va = 0x7fefd1b7fff
monitored = 0
entry_point = 0x7fefd1a3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3852
start_va = 0xf0000
end_va = 0x134fff
monitored = 0
entry_point = 0xf1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3853
start_va = 0xf0000
end_va = 0x134fff
monitored = 0
entry_point = 0xf1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3854
start_va = 0xf0000
end_va = 0x134fff
monitored = 0
entry_point = 0xf1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3855
start_va = 0xf0000
end_va = 0x134fff
monitored = 0
entry_point = 0xf1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3856
start_va = 0xf0000
end_va = 0x134fff
monitored = 0
entry_point = 0xf1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3857
start_va = 0x7fefcea0000
end_va = 0x7fefcee6fff
monitored = 0
entry_point = 0x7fefcea1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3858
start_va = 0x1e90000
end_va = 0x215efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3859
start_va = 0x7fefd890000
end_va = 0x7fefd8a3fff
monitored = 0
entry_point = 0x7fefd8910e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3860
start_va = 0x21c0000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 3861
start_va = 0x7fffffd7000
end_va = 0x7fffffd8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd7000"
filename = ""
Region:
id = 3862
start_va = 0x2320000
end_va = 0x241ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 3863
start_va = 0x25e0000
end_va = 0x26dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025e0000"
filename = ""
Region:
id = 3864
start_va = 0x7fffffd3000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd3000"
filename = ""
Region:
id = 3865
start_va = 0x7fffffd5000
end_va = 0x7fffffd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd5000"
filename = ""
Region:
id = 3866
start_va = 0x7fefc200000
end_va = 0x7fefc255fff
monitored = 0
entry_point = 0x7fefc20bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3867
start_va = 0x1b90000
end_va = 0x1c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b90000"
filename = ""
Region:
id = 3868
start_va = 0x2420000
end_va = 0x24fefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002420000"
filename = ""
Region:
id = 3869
start_va = 0x7fef5140000
end_va = 0x7fef515efff
monitored = 0
entry_point = 0x7fef51457b8
region_type = mapped_file
name = "thumbcache.dll"
filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")
Region:
id = 3870
start_va = 0x7fefe2a0000
end_va = 0x7feff027fff
monitored = 0
entry_point = 0x7fefe31cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3871
start_va = 0x7feff080000
end_va = 0x7feff0f0fff
monitored = 0
entry_point = 0x7feff091e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3872
start_va = 0x7fef4ec0000
end_va = 0x7fef4f5ffff
monitored = 0
entry_point = 0x7fef4f3eb20
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll")
Region:
id = 3873
start_va = 0x77b30000
end_va = 0x77b36fff
monitored = 0
entry_point = 0x77b3106c
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 3874
start_va = 0x7fefc260000
end_va = 0x7fefc38bfff
monitored = 0
entry_point = 0x7fefc2694bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 3875
start_va = 0x26e0000
end_va = 0x286ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 3876
start_va = 0x26e0000
end_va = 0x27dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 3877
start_va = 0x2860000
end_va = 0x286ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 3883
start_va = 0x7fef5910000
end_va = 0x7fef59fdfff
monitored = 0
entry_point = 0x7fef59112a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 3884
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 3885
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 3886
start_va = 0x7fefc3e0000
end_va = 0x7fefc5d3fff
monitored = 0
entry_point = 0x7fefc56c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 3887
start_va = 0x110000
end_va = 0x110fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3888
start_va = 0x120000
end_va = 0x121fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 3889
start_va = 0x7fefb820000
end_va = 0x7fefb84cfff
monitored = 0
entry_point = 0x7fefb821010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3890
start_va = 0x7feffb10000
end_va = 0x7feffb61fff
monitored = 0
entry_point = 0x7feffb110d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3891
start_va = 0x110000
end_va = 0x113fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 3892
start_va = 0x130000
end_va = 0x146fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db")
Region:
id = 3893
start_va = 0x250000
end_va = 0x250fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 3894
start_va = 0x270000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 3895
start_va = 0x7feff660000
end_va = 0x7feff836fff
monitored = 0
entry_point = 0x7feff661010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3896
start_va = 0x7fefdba0000
end_va = 0x7fefdbd5fff
monitored = 0
entry_point = 0x7fefdba1474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3897
start_va = 0x7fefda10000
end_va = 0x7fefda29fff
monitored = 0
entry_point = 0x7fefda11558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3898
start_va = 0x260000
end_va = 0x26cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 3899
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3900
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3901
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3902
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3903
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3904
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3905
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3906
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3907
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3908
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3909
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3910
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3911
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3912
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3913
start_va = 0x2870000
end_va = 0x2970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 3914
start_va = 0x2890000
end_va = 0x298ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 3915
start_va = 0x7fef8bc0000
end_va = 0x7fef8c16fff
monitored = 0
entry_point = 0x7fef8bc1118
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 3916
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 3917
start_va = 0x7fef4930000
end_va = 0x7fef4d20fff
monitored = 0
entry_point = 0x7fef4abd21c
region_type = mapped_file
name = "mf.dll"
filename = "\\Windows\\System32\\mf.dll" (normalized: "c:\\windows\\system32\\mf.dll")
Thread:
id = 192
os_tid = 0x4bc
Thread:
id = 193
os_tid = 0x4ac
Thread:
id = 194
os_tid = 0x488
Thread:
id = 195
os_tid = 0x484
Thread:
id = 196
os_tid = 0x4a4
Thread:
id = 197
os_tid = 0x360
Thread:
id = 198
os_tid = 0x4e8
Thread:
id = 199
os_tid = 0x4f4